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Preface 

Supervising the Network has two puiposes: 

• To help you set up your NetWare® network after completing the NetWare® 
4.1/9000 NetWare Services installation procedure 

• To help you manage your NetWare network after you have installed NetWare® 
4.1/9000 NetWare Services. 

This manual is to be used by network supervisors or system administrators 
responsible for maintaining all or part of a UnixWare 2.1 NetWare Services 
network. 

Overview 

Supervising the Network is organized to help you take advantage of your 
networking experience. It provides quick access to utility instructions while 
allowing a more detailed study of the theory and concepts behind NetWare® 
4.1/9000 NetWare Services. 

Once you are ready to work with the NetWare utilities, you can find 
step-by-step instructions for those utilities. 

• The graphical NetWare Administrator utility is available for users of Microsoft* 
(MS) Windows (referred to as Windows in this manual). 

• The NETADMIN, FILER, and PARTMGR text utilities are the DOS equivalent 
to the NetWare Administrator utility. 

• The HP-UX command line is used for administering nwcm and other NetWare 
utilities. 

Before You Begin 

All of the tasks described in this manual are intended primarily for use by a 
NetWare network supervisor on an HP-UX 9000 system. Other users with 
sufficient rights can also perform these tasks. 

For a definition of user types and a listing of rights and what they allow, see 
Chapter 3, “Managing the NetWare Services File System,” in this manual. 

Also, make sure you have installed and set up NetWare® 4.1/9000 and gone 
through the complete installation procedures for the NetWare® 4.1/9000 
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NetWare Services product. This includes running the required Directory 
Services Install (DS_Install) utility and creating your client diskettes (if 
desired). See Installation Handbook for complete instructions.. 

Before moving to other areas of this manual, we suggest you take a few 
minutes to read all of this preface; then read through the Table of Contents to 
understand the layout of this manual, and finally read Chapter 1, “Getting 
Started,” to ensure that you have followed all of the appropriate steps before 
you begin to administer your NetWare network. 

Checklist for Installing and Setting Up Your Network 

To set up your NetWare® 4.1/9000 NetWare Services network, use the 
manuals in your NetWare® 4.1/9000 NetWare Services set in the order 
shown in the following checklist. (Chapter-only references refer to chapters 
within this manual.) 

• Install the server and client software. See Installation Handbook for instructions. 

• Understand NetWare Directory Services™ (NDS™) by reading Introduction to 
NetWare Directory Services. 

• Set up NDS objects, such as organizations, groups, and user accounts. Chapter 2, 
“Setting Up and Managing NetWare Directory Services Objects,” which gives 
you information and procedures about objects. 

• Set up your NetWare protocol stacks and networking environment. See Chapter 
7, “Maintaining the NetWare Server,” for information. 

• Set up your fde system and install network applications. Chapter 3, “Managing 
the NetWare Services File System,” contains the planning guidelines and 
instructions for creating directories and installing applications. 

• Plan and create login scripts if desired. Chapter 5, “Customizing the User 
Environment,” explains the types of login scripts you can create for network 
users. 

• Set up printing. See Print Sendees for information and instructions. 

Managing Your Network 

After setting up your NetWare network, use this manual to help you keep 
your network updated and running efficiently. 

This manual will help you perform such routine tasks as managing your 
NetWare Directory database and its associated objects, maintaining your 
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NetWare file system, and setting up your NetWare servers. 

Software Requirements 

• NetWare® 4.1/9000 

• NetWare® 4.1/9000 NetWare Services 

• DOS, Win 95, Win 3.11 and NT on the client 
Other Requirements 

Unless otherwise stated, all tasks documented in this manual are intended for 
a user having the Supervisor object right to the Root object and to the Server 
object for native NetWare, plus System Owner permissions for configuration. 
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Introduction 

This chapter briefly explains the NetWare Directory Services™ (NDS™) 
scenerio and what objects exist in the NDS tree immediately after you install 
NetWare® 4.1/9000 NetWare® Services (NetWare Services). It also 
explains how to set up users on HP-UX. 
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Setting Up Your Network 

Before you can fully manage NetWare Services, we suggest that you 

perform these tasks: 

• Install NetWare Services (as described in Installation Handbook). 

• Run /opt/netware4/bin/dsinstall to install the NDS database (as described in 
Installation Handbook). 

• Ensure that the server is up and running (as described in Installation Handbook). 

• Create client diskettes to install on each DOS, Windows 3.11, Win 95, or NT 
client (as described in Installation Handbook). 

• Set up users on the network (as described later in this manual). 

• Set up the network printers (as described in Print Services). 

• Install and start the NetWare Administrator graphical utility for Windows 3.11, 
Win 95, or NT or the NETADMIN text utility for DOS (as described in later in 
this chapter). 

• Create your container and leaf objects (as described later in this manual). 

• Configure your NetWare server and network using NetWare Setup on HP-UX (as 
described later in this manual). 
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Administrator Status 

As a network administrator, you will find the tasks in this manual require not 
only ADMIN status when working in NetWare, but also superuser status 
when using HP-UX: 

• From a DOS or Windows client connected to NetWare, you will be using utilities 
such as NetWare Administrator, NET ADMIN, FILER, and so on, to do network 
administration. 

• From an HP-UX server, you will be using SAM, and other options to configure 
NetWare to run with HP-UX. To ensure that you are the System Owner or have 
System Owner privileges, see User Setup in the System Owner Handbook. This 
describes what privileges are necessary to administer HP-UX. If you installed 
NetWare® 4.1/9000 on your system, and you are designated as the superuser, 
you have the required privileges. 
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About Objects 

Refer to the sections in Chapter 2, “Setting Up and Managing NetWare 
Directory Services Objects,” for basic tasks on 

• Creating and managing objects, such as Users, Groups, Organizational Roles, and 
Profiles. 

• Searching for objects. 

• Moving, deleting, and renaming objects. 

• Changing properties of objects. 

You can use either the NetWare Administrator graphical utility or the 
NETADMIN text utility to perform the tasks. Both methods are explained in 
detail in Chapter 2. 
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After Installing NetWare Services 

Table 1-1 lists the objects that exist in a Directory tree immediately after you 
install NetWare Services and the default rights those objects have. 

Default Objects and Rights in a Directory Tree 


Default objects after installation Default rights after installation 


NetWare Server object for the 
server on which NetWare Services 
was installed. 


User object ADMIN has the 
Supervisor object right to the 
NetWare Server object, which 
means that the User object ADMIN 
also has the Supervisor right to the 
root directory of the hie system of 
all volumes attached to the server. 


Volume object SYS:. The container object for Volume 

object SYS: is granted Read and 
File Scan rights to the volume’s 
SYS TUB LIC directory. This 
means that when users are created, 
they can access utilities located in 
the SYS TUB LIC directory. 

Root is granted the Read property 
right to the property’s Host Server 
Name and Host Resource on all 
Volume objects. This means that all 
objects in the Directory tree have 
access to the physical volume name 
and the physical server name. 

User object ADMIN has the 
Supervisor right to the root 
directory of the hie systems on 
these volumes. 


Volume objects for any other 
volumes on the server’s disk 
besides SYS: that you created 
during installation. 
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Default Objects and Rights in a Directory Tree 


Default objects after installation Default rights after installation 


User object ADMIN. 

When the User object ADMIN is 
first created, it is placed in the 
Organization container object by 
default. This may not be the same 
context in which you installed the 
server. 


User object ADMIN receives a 
trustee assignment of Supervisor 
object right to the Root object of 
the Directory tree; therefore, the 
User object ADMIN has all rights 
to all the objects in the Directory 
tree. 

The User object ADMIN also has 
the Supervisor object right to the 
NetWare Server object; therefore, 
the User object ADMIN has the 
Supervisor right to the root 
directory of the file system of all 
volumes attached to the server. 

Public has the Browse object right 
at the root. Users who are attached 
to a NetWare Directory Services 
server, but who are not 
authenticated, can browse the 
tree.Users are granted all rights to 
their home directories, which are 
migrated when you migrate User 
objects. 


Figure 1-1 shows objects in a sample Directory tree after you have installed 
a NetWare Services server (named TSERVER). 
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[Root] 

■— Fpfe, Coum-try 



Example of a New Directory Tree 

TSERVER is a newly installed NetWare Services server and was placed in 
the context TEST.MEDTEC (that is, in the Organizational Unit TEST which 
is in the Organization MEDTEC). 

The Volume object TSERVER_SYS was created by default, and the Volume 
object TSERVER_PROJECTS was defined by the network supervisor 
during installation. 
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Setting Up Administration Utilities 

The first time the network supervisor logs in, it must be as the User object 
ADMIN. This is the only object, after installation, that has rights to create 
and manage objects. 

Before you can log in, however, you must first use the instructions in this 
section to install a single client workstation from which you can run either 
NetWare Administrator or NETADMIN to start creating objects on your 
network. You can install and customize other workstations later using the 
appropriate client manual. 


If you want to 

Go to 

Create workstation 

installation diskettes from 

CD-ROM 

“Creating Client Install Diskettes from 
CD-ROM” 

Install a Windows 

workstation 

“Installing a Windows Workstation and 
Starting NetWare Administrator” 

Install a DOS workstation 

“Installing a DOS Workstation and 

Starting NETADMIN” 


Creating Client Install Diskettes from a Network Device 

You can create disks using a network device. 

Procedure 

1 For DOS or Windows, format five high-density diskettes using the DOS 
FORMAT command. 

2 Map a drive to a server directory containing the NetWare Services fdes and 
change to the SYS:PUBLIC\CLIENT directory. 

3 Change to one of the following subdirectories. 


If creating diskettes for 

Go to this subdirectory 

DOS 

DOSWIN 
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If creating diskettes for 

Go to this subdirectory 

Windows 

DOSWIN 


4 If you are installing a language version other than English (the default language), 
set the “nwlanguage” environment variable by typing the following at the 
workstation command line: 

SET NWLANGUAGE=language <Enter> 

Replace language with the appropriate language found in the NLS subdirectory 
under either CLIENT\OS2 or CLIENTVDOSWIN. 

5 Type 

MAKEDISK drive_letter: <Enter> 

Replace drive_letter with the letter that represents the driver into which you will 
insert the blank formatted diskettes. For example, type either 

MAKEDISK A: <Enter> 

or 

MAKEDISK B: <Enter> 

The MAKEDISK utility copies the client installation files from the CD-ROM 
directory to the diskettes. It prompts you to insert new empty formatted 
diskettes. 

6 Attach a label to each diskette and label the diskettes as described in Table 1-2. 


Client diskette labels 


Diskette 

number 

Label for DOS/Windows 

Label for OS/2 

1 

NetWare Client for DOS and 

MS Windows Disk 1 

WSOS2_l 

2 

NetWare Client for DOS and 
MS Windows Disk 2 

WSOS2_2 

3 

NetWare Client for DOS and 

MS Windows Disk 3 

WSOS2_3 

4 

NetWare Client for DOS and 

MS Windows Disk 4 

OSUTIL1 
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Client diskette labels 


Diskette 

number 

Label for DOS/Windows 

Label for OS/2 

5 

NetWare Client for DOS and 

OS2DOC_X 


MS Windows ODI LAN 

l=English 

2=French 

3=German 

4=Italian 

5=Spanish 


drivers 

6 


WSDRV_1 

7 


VLMBOOT 

(optional) 


7 Save these diskettes until you are ready to install client software. 


Installing a Windows Workstation and Starting NetWare 
Administrator 

If you want to use the NetWare Administrator graphical utility to set up your 
network, follow these instructions to first install Windows software on the 
workstation. Then continue with this section. 

Prerequisites 

• A workstation cabled to the network and mnning Windows 3.1 

• At least one NetWare Services server installed 

• The WSDOS_l, WSWIN_1, WSDRV_1 and WSDRV_2 diskettes 

• 1.2 MB of free disk space on the workstation 

Procedure 

1 Insert the WSDOS_l diskette into your workstation's disk drive. 

2 Load the client installation program by typing 

drive:install <Enter> 
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Replace drive with the letter of your workstation’s disk drive. 

3 Follow the installation instructions on the workstation screen. 

Use the arrow keys to move between the fields. Press <Enter> to modify a 
particular field. 

Because this workstation is being installed to get you started with the network 
setup, you can do a standard installation with the default settings and configure 
other options later. 

4 Exit the installation program. 

5 Reboot your workstation. 

In order for your modifications or new installation to function, you need to 
reboot your workstation. 

6 From the network drive F:, use the LOGIN command to log in to the network as 
ADMIN. 

The LOGIN command must include your context. Depending on the Directory 
tree structure you set up for the server during installation, use the name typing 
sequence of Common Name, Organizational Unit, Organization, and Country. 

For example, if you installed this server in an Organization called ABC_INC, 
with no Organizational Unit or Country defined in the Directory tree, you would 
type 

LOGIN .ADMIN.ABC_INC <Enter> 

For more information on the LOGIN syntax and options, see “LOGIN” in 
Utilities Reference. 

7 Enter a password if prompted; then press <Enter>. 

8 Map the next network drive to the PUBLIC directory of Volume SYS: by typing 

MAP N SYS:PUBLIC <Enter> 

9 Change to the network drive that is mapped to the PUBLIC subdirectory. 

For example, if you mapped network drive Z:, you'd type 

Z: <Enter> 

10 Start Windows. 

11 Select the NetWare program group or another program group you want to start 
the NetWare Administrator from. 

12 From the “Program Manager File” menu, choose “New.” 
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13 Select “Program Item.” 

14 Choose “OK.” 

15 Enter “NWADMIN” in the “Description” field and press <Tab>. 

16 Choose “BROWSE.” 

17 From the “Drives” drop-down list, select the drive that points to SYS:PUBLIC. 

18 From the list under “File Name,” select NWADMIN.EXE and choose “OK.” 
The path to the executable file is placed in the “Command Line” text box. 

19 Again, choose “OK,” and then choose “Yes.” 

The NetWare Administrator is created as a program item icon in the group you 
selected. 

You can now use the NetWare Administrator graphical utility to complete your 
network setup. 

20 To start NetWare Administrator, choose the “NWADMIN” icon. 

21 Before exiting Windows, from the “Options” menu, select “Save Settings on 


Exit.” 


Additional Information 


For more information about 

Refer to 

Installing MS Windows 
workstation software 

NetWare Client for DOS and MS 

Windows User Guide 

Using NetWare Administrator 

“NetWare Administrator” in Utilities 
Reference 

Logging in 

“LOGIN” in Utilities Reference 


Installing a DOS Workstation and Starting NETADMIN 

If you want to use text utilities, such as NETADMIN, to set up your 
Directory tree, follow these instructions to install DOS workstation 
software. 
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Prerequisites 

• A workstation cabled to the network and running DOS 3.30 or later 

• At least one NetWare Services server installed 

• The WSDOS_l, WSWIN_1, WSDRV_1, and WSDRV_2 diskettes 

• 1.2 MB of free disk space on the workstation 

Procedure 

1 Insert the WSDOS_l diskette into the workstation’s disk drive. 

2 Load the INSTALL.EXE program by typing 
drive:install <Enter> 

Replace drive with the letter of your disk drive. 

3 Follow the instructions on your screen. 

NOTE: Use the arrow keys to move between the fields. Press <Enter> to modify a particular 

field. 

Because this workstation is being installed to get you started with the network 
setup, you can do a standard installation with the default settings and configure 
other options later. 

4 Exit the installation program. 

5 Reboot your workstation. 

In order for your modifications or new installation to function, you need to 
reboot your workstation. 

6 From the network drive F:, use the LOGIN command to log in to the network as 
ADMIN. 

The LOGIN command must include your context. Depending on the Directory 
tree structure you set up for the server during installation, use the name typing 
sequence of Common Name, Organizational Unit, Organization, and Country. 

For example, if you installed this server in an Organization called ABC_INC, 
with no Organizational Unit or Country defined in the Directory tree, you would 
type 

LOGIN .ADMIN.ABC_INC <Enter> 

For more information on the LOGIN syntax and options, see “LOGIN” in 
Utilities Reference. 
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7 Enter a password if prompted; then press <Enter>. 

8 Map the next network drive to the PUBLIC directory of volume SYS: by typing 

MAP N SYS:PUBLIC <Enter> 

9 Change to the network drive that is mapped to the PUBLIC subdirectory. 

For example, if you mapped network drive Z:, you'd type 

Z: <Enter> 

You can now use text utilities such as NETADMIN to complete your network 
setup. 

10 To start the NETADMIN utility, type 

NETADMIN <Enter> 

Additional Information 


For more information about 

Refer to 

Installing DOS workstation 
software 

NetWare Client for DOS and MS 

Windows User Guide 

Logging in 

“LOGIN” in Utilities Reference 

NETADMIN text utility 

“NETADMIN” in Utilities Reference 
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How Clients Can Access NetWare 

Even though most of this manual discusses how to configure and manage 
servers, an overview of NetWare access may be helpful. Since the clients 
available with NetWare Services are DOS, Windows 3.11, Win 95 and NT,, 
the following items briefly explain how to get to NetWare from a client 
machine. 

• NetWare Services. This allows NetWare clients to access HP-UX resources 
while maintaining their NetWare environment. 

• NUC. This allows NetWare clients to access NetWare resources while 
maintaining their NetWare environment. See Managing NUC Connectivity or 
System Owner Handbook for information. 

• NVT. This allows DOS and Windows clients to establish a NetWare remote login 
session and access NetWare resources in a NetWare environment. See Managing 
NUC Connectivity for information. 

The tasks these clients can do with files and directories is described in 
Chapter 3, “Managing the NetWare Services File System.” 
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Introduction 

This chapter helps you set up and start managing your network objects after 
installing NetWare® 4.1 Services. 

The sections in this chapter explain basic “getting started” tasks, including 
these: 

• How to create and manage objects, such as Users, Groups, Organizational Roles, 
and Profiles 

• How to search for objects 

• How to move, delete, and rename objects 

• How to change properties of objects 

You can use either NetWare Administrator or NETADMIN. Both methods 
are explained in this chapter. 
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Rights Needed to Create and Manage Objects 

As User object ADMIN, you initially have all rights to all objects in the 
Directory tree. However, if you allow users to manage parts of the Directory 
free, you need to give them the rights necessary to manage their section of 
the tree. 

Trustee Assignments 

When you give an object, such as a user, rights to another object, such as a 
container, you make a trustee assignment. That user then becomes a trustee 
of that container. Any object with a trustee assignment to another object is a 
trustee of that object. 

Each object contains a list of objects that have trustee assignments to it, 
called a trustee list. This list tells who can access that object. An object’s 
trustee list is stored in its Access Control List (ACL) property. 

Inherited Rights Filter 

The Inherited Rights Lilter (IRL) controls the rights that a trustee can inherit 
from parent directories and container objects. By default, the IRL allows 
every right to be inherited from the parent directory or container object. 

The IRL cannot grant rights; it can only allow or revoke rights. 

Security Equivalence 

Security Equal To is a property of every User object that lists other objects. 
The user is granted all rights that any object (such as User, Group, or Printer) 
in that list is granted, both to objects and to files and directories. 

Use the Security Equal To property to give a user temporary access to the 
same information or rights another user has access to. 

Lor more information on Security Equal To, see “Security Equal To” in 
Concepts. 
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Types of Rights 

Four kinds of rights exist in NetWare 4.1: 

• Object rights control what a trustee can do with an object. These rights control 
the object as a single piece in the Directory tree, but do not allow access to 
information stored within that object (unless the Supervisor object right is 
granted). 

• Property rights control a trustee’s access to information stored within the 
object—that is, the information stored in the object’s properties. Each object has 
several properties: Supervisor (grants all rights to the property). Compare (grants 
the right to compare property values). Read (grants the right to read the property 
values). Write (grants to right to add, change, or remove property values), or Add 
or Delete Self (grants the right to add or remove itself as a property value). 

• Directory rights control what a trustee can do with a directory. Directory rights 
also apply to files in the directory unless explicit file rights are granted and the 
file’s Inherited Rights Filter doesn't block the directory rights from flowing 
through. 

• File rights control what a trustee can do with a file. 

In bindery-based versions of NetWare, you could assign only directory and 
file rights. In NetWare Services, you can also assign rights to an object and 
to properties belonging to an object. 

This section discusses only object rights and property rights. 

Object and property rights are assigned separately so that you can control 
access to the pieces of information (or properties) contained in the object. 

Any object to which you grant sufficient rights can make trustee assignments 
using NetWare Administrator or NETADMIN. This section discusses the 
rights that are needed to make various types of trustee assignments within 
NDS. 

Directory rights and file rights apply only to the file system. For a discussion 
of these rights, see Chapter 3 /‘Managing the NetWare Services File 
System.” 
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NOTE: In addition to the rights mentioned previously, NetWare® 4.1/9000 has its own 

security. The discussion of rights in this chapter is limited to those rights inherent to 
NetWare Services. For information about how these two sets of security work 
together see Chapter 3, “Managing the NetWare Services File System.” 


Object Rights 

Object rights control what trustees can do with the object of which they are a 
trustee. Object rights control the object as a single piece in the Directory 
tree, but do not allow the trustee to access information stored in that object’s 
properties (unless the Supervisor object right is granted). 

Table 2-1 lists and describes the object rights that you can assign to a trustee. 

Table 2-1 Object Rights 


Right 

Description 

Supervisor 

Gives the network supervisor all rights to the object and to all 
its properties. However, the Supervisor object right can be 
blocked by the Inherited Rights Filter (IRF) below the object 
where the Supervisor right is granted. 

Browse 

Allows the trustee to see the object in the Directory tree. Also 
when the trustee searches for a value that matches the object. 
Browse allows that object to be listed. 

Create 

Allows the trustee to create a new object within a container 
object. Applies only to container objects because leaf objects 
cannot contain other objects. 

Delete 

Allows the trustee to delete an object from the Directory tree. 
You cannot, however, delete a container object unless all the 
objects in the container are deleted first. 

Rename 

Allows the trustee to change the name of the object, in effect, 
changing the naming property. This changes what the object is 
called when it is a part of complete names. 
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Table 2-2 


Property Rights 

Object rights do not allow trustees to see the information stored in the 
object’s properties. Property rights are required to read the information in an 
object’s properties. Property rights control access to each property of an 
object. 

For example, if you include a private telephone number as a property for a 
User object, you can use property rights to prevent others from seeing that 
telephone number. At the same time, you can use property rights to allow 
other properties, such as Address or Fax Number, to be viewed. 

Table 2-2 lists and describes property rights that you can assign to a trustee. 


Property Rights 


Right 

Description 

Supervisor 

Gives all rights to the property. You can block the 
Supervisor property right with an Inherited Rights Filter. 

Compare 

Allows the tmstee to compare any value with an existing 
value of the property. The comparison can return True or 
False, but cannot give the value of the property. 

Read 

Allows the trustee to read the values of the property. This 
right includes the Compare right; that is, if the Read right 
is given. Compare operations are allowed also. 

Write 

Allows the trustee to add, change, or remove any values 
of the property. The Write right implies the Add or 

Delete Self right. 

Giving the Write right to the ACL property is the same as 
giving the Supervisor right to the object. 

Add or Delete 

Self 

Allows the trustee to add or remove itself as a value of 
the property, but not to change any other values of the 
property. This right is only used for properties where a 
User object can be listed as a value, such as group 
membership lists or mailing lists. The Write right 
includes the Add or Delete Self right. 


See the following references for more detailed information. 
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Additional Information 

For more information about 

Refer to 

Access Control List 

“Access Control List” in Concepts 

Container and leaf objects 

“Object” in Concepts 

Trustees and rights 

“Security” in Concepts 
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Managing Trustee Assignments to Objects 

An object that is granted rights to work with another object is called a trustee 
of the object. Through trustee assignments you determine what level of 
rights you want trustees to have on the objects to which they are assigned. 

For example, to make user KSMITFI a trustee of Organizational Unit 
MARKETING, go to the Organizational Unit MARKETING and add 
KSMITFI as a trustee, giving KSMITH whatever object and property rights 
you think are sufficient. 

KSMITH’s trustee assignment to MARKETING overrides any other rights 
that KSMITH may have inherited or received through security equivalence. 

You can manage trustee assignments to objects by using either NetWare 
Administrator or NETADMIN. Both procedures are described in this 
section. 


Additional Information 


For more information 
about 

Refer to 

Inherited Rights Filter 

“Inherited Rights Filter” in Concepts 

Rights 

“Rights” in Concepts 

Security 

“Security” in Concepts 

Tmstees 

“Trustee” in Concepts 

Using NetWare 
Administrator 

“NetWare Administrator” in Utilities 

Reference 


Using NetWare Administrator 
Prerequisites 

• A 386 or later workstation and NetWare Administrator 

• The Supervisor object right to the object to which tmstees are to be assigned 
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Procedure 

1 From the Windows Program Manager, choose the “NetWare Administrator” 
icon. 

2 Select the object to which you want to assign trustees. 

3 Right-click and choose “Trustees of this Object,” or, from the “Object” menu, 
choose “Trustees of this Object.” 

All the trustees of this object are listed in the “Trustees” box. 

From the “Trustees” dialog, you can 

• View or change a trustee’s effective rights to this object. 

• Add a trustee to this object. 

• Delete a trustee from this object. 

• Change the object rights of a trustee. 

• Change the property rights of a trustee. 

• View or change the Inherited Rights Filter (IRF) of this object. 

4 For instructions on completing any of the previous procedures, press the “Help” 
button and then select one of the procedures from the list. 

Using NETADMIN 

Prerequisites 

• A workstation running DOS 3.30 or later and NETADMIN 

• The Supervisor object right to the object to which trustees are to be assigned 

Procedure 

1 At the DOS prompt, type 

NETADMIN <Enter> 

For information on moving around in NETADMIN and selecting objects, press 
<F1> after starting the utility. 

2 From the “NETADMIN Options” menu, choose “Manage Objects.” 

3 Browse the Directory tree until you see the object you want to assign trustees to. 

Use the instructions at the bottom of the screen to browse the directory. Press 
<F1> for help. 
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4 When the desired object appears in the “Object, Class ” list, select it and press 
<F10>. 

5 Select “View or Edit the Trustees of This Object.” 

From the “Trustees of This Object” menu you can 

• Set the Inherited Rights Filter (IRF). 

• Add or change trustee assignments. 

• View the effective rights for a trustee. 

6 From the “Trustees of This Object” menu, select one of the options. 

For instructions on completing a procedure, press <F1>. 
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Creating Container Objects 

You can create container objects using either NetWare Administrator or 
NETADMIN. Both of these methods are described in this section. 

Considerations for naming container objects and suggestions for creating 
searchable objects are also described here. 

Types of Container Objects 

The kinds of container objects you can create are Country, Organization, and 
Organizational Unit. The top object, called Root, is created by default, and is 
placed at the top of the Directory tree when NetWare Services is installed. 

Container objects form the top levels of the Directory free. Use them to 
manage and organize the top level of the Directory tree. 

For more information about planning the top levels of your Directory tree, 
see chapter 2, “Understanding NetWare Directory Services” in Introduction 
to NetWare Directory Sendees. 

Figure 2-1 shows the hierarchy of container objects and leaf objects in 
NetWare Directory Services. (The icons represent the leaf objects as they 
appeal - in NetWare Administrator.) 
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Hierarchy of Objects 

You can create leaf objects only under the Organization and Organizational 
Unit container objects. 

Table 2-3 describes each container object you can create and when to use it. 
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Table 2-3 

Container Objects You Can Create 


Container object 

Description 

When to use it 

Country 

Designates the countries where your 
network resides and organizes other 
objects within the country. 

You must always include the name 
type of the object in complete names 
when you include the Country 
container object in your Directory 
tree. Even when you refer to objects 
located in the same container object, 
you must designate the name type 
(CN, OU, or O) of the object. 

This object is optional. 

If you choose to create a Country 
object, you can use it to represent the 
country where your organization 
headquarters resides or, if you have a 
multinational network, to represent 
each country that is a part of your 
network. 

You can create a Country container 
object only under the Root object. 

Organization 

Allows you to organize other objects 
in the Directory, to set defaults in a 
login script, and to create a user 
template for User objects you create 
in this container. 

You can use an Organization object 
to designate a corporation, or 
location, etc. 

The Organization object is 
mandatory. The Directory tree must 
include at least one of these 

containers. 

You can create an Organization 
object only under the Root or 

Country object. 

Organizational Unit 

Allows you to organize leaf objects 
in the Directory tree, to set defaults 
in a login script, and to create a user 
template for User objects you create 
in this container. 

You can use an Organizational Unit 
object to designate a division, a 
business unit, or a project team. 

You can create multiple levels of 
Organizational Units. 

You can create Organizational Units 
in Organization objects and other 
Organizational Unit objects. 


Naming Container Objects 

Try to keep container object names short and simple. This makes it easier for 
users to change context and to remember their own context. 
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The following rules apply to most objects. For specific rules about naming 

leaf objects, see “Naming Leaf Objects.” 

Object Naming Rules 

Remember these rules when naming an object: 

• The name must be unique in the branch (container) of the Directory tree where 
the object is located. 

• The object name can be up to 64 characters in length, except for Country objects, 
which are limited to two characters. 

• You can use any special characters. But if the object needs to be accessed from a 
client running a version of NetWare earlier than NetWare 4.1, you should avoid 
using special characters. (For a list of these characters, see “Object Name 
Restrictions for Bindery Services.”) 

• You can enter object names in either uppercase or lowercase. Object names are 
displayed with uppercase and lowercase letters as they were first entered, but they 
are not case sensitive. Therefore, “ManagerProfile” and “MANAGERPROFILE” 
are considered to be identical names. 

• You can use spaces and underscores, but they are both considered spaces. 
Therefore, “Manager_Profile” and “Manager Profile” are considered to be 
identical names. 


NOTE: If you anticipate managing objects created from different code pages, you must limit 

object names and properties to those characters common to all the applicable code 
tables. 

Nondisplayable Unicode* characters for your code page are represented by an ASCII 
3 character (a “heart” symbol). For more information, see “Unicode” in Concepts. 


Object Name Restrictions for Bindery Services 

When you create objects to be accessed from a client running a version of 
NetWare earlier than NetWare 4.1, the names of the objects must follow 
bindery naming rules or else the non-NetWare 4.1 client will not recognize 
them. Object names in bindery services are interpreted as the following: 

• Spaces in object names are replaced by underscores. 

• Object names longer than 47 characters are cut off after the 47th character. 
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You cannot use the following characters in an object name that must be 
accessed from a client running a version of NetWare earlier than NetWare 
4.1: 

/ slash 

\ backslash 

: colon 

, comma 

• asterisk 

? question mark 

Creating Searchable Container Objects 

When you create a container object, you can enter various types of 
information about that object into its properties, such as location and 
telephone. If you enter data into the containers’ properties in a consistent 
format, it is easier to search the Directory database for a particular type of 
information. 

Many container object properties are optional; you are not required to enter 
information in order to create the object. However, information in objects’ 
properties can help you track and manage container objects. 

After you create container objects, you can use NetWare Administrator, 
NETADMIN, or NLIST to search for and list these objects. You can also 
search for their various properties. 

Creating Container Objects Using Directory Services Installation 

When you install a NetWare Services server on a host, you are required to 
type a context (the pathname from the container object to the Root) in which 
the NetWare Server object is placed. 

If you create a new context, several events happen by default: 

• An Organization or Organizational Unit container object is created, depending on 
the context you create. 

• Bindery services is set for that container object, so that the server you installed in 
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the container object is running bindery services. 

• A read/write replica of the Directory partition where the container object resides 
is stored on the server that you just installed. 

For more information on how to create container objects using Directory 
Services Install ( dsinstall ), see the NetWare 4.1/9000 Installation and 
Administration Guide.. 

Creating Container Objects Using 
NetWare Administrator or NET ADMIN 

The first time the network supervisor logs in, the User object ADMIN must 
be used. This is the only object after installation that has rights to create and 
manage objects. 

Before you can log in, you must first install a single workstation and run 
either NetWare Administrator or NETADMIN to start creating objects on 
your network. 

You can install and customize other workstations later, using the respective 
client manual. 

Creating Container Objects Using NetWare Administrator 
Prerequisites 

• A 386 or later workstation and NetWare Administrator 

• The Create object right to the container that will contain the new container object 

Procedure 

1 From the Windows Program Manager, click on the “NetWare Administrator” 
icon. 

2 Select the object that will contain the new container object. 

For information on moving around in the browser and choosing objects, press 
<F1>. 

3 Choose “Create” from the “Object” menu. 

4 From the “New Object” dialog box, select the new container object class that you 
want. 
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If the container object class you want to create does not appear under “New 
Object,” you cannot create that object in the selected container. Choose 
“Cancel” to return to the browser; then select a different container type. 

5 Choose “OK.” 

The “Create Object” dialog box appears. 

6 Type a name for the object in the box provided. 

7 (Optional) Select “Define Additional Properties.” 

Select this option if you want to use the same default information in the new 
container as was present in the parent container. This default information is used 
whenever you create a new user. 

The user default information for each container is stored in a User object named 
USER_TEMPLATE. 

8 (Optional) Select “Define User Defaults.” 

Select this option if you want to use the same default information in the new 
container as was present in the parent container. This default information is used 
whenever you create a new user. 

The user default information for each container is stored in a User object named 
USER_TEMPLATE. 

9 Choose “Create.” 

10 (Optional) Choose “Yes” if you want user template properties to be inherited 
from the parent container, or “No” if you want to define a new user template. 

11 (Optional) Add information to the object dialog pages. 

If you chose “Define Additional Properties,” add the information now. Press 
<F1> for help. 

12 Choose “OK” to save the properties you have just entered in the dialog pages. 


Additional Information 

For more information about 

Refer to 

Objects 

“Object” in Concepts 

Rights 

“Rights” in Concepts 
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For more information about 

Refer to 

Using NetWare Administrator 

“NetWare Administrator” in Utilities 
Reference 

Using object dialog pages in 
NetWare Administrator 

“NetWare Administrator” in Utilities 
Reference 


Creating Container Objects Using NET ADMIN 
Prerequisites 

• A workstation running DOS 3.30 and NET ADMIN 

• The Create object right to the object that will contain the new container object 

Procedure 

1 At the DOS prompt, type 

NETADMIN <Enter> 

For information on moving around in NETADMIN and selecting objects, press 
<F1> after starting the utility. 

2 From the “NetAdmin Options” menu, choose “Manage Objects.” 

3 Select the container object that will contain the new container object. 

The objects in the selected container are listed. 

To see if you are in the right context, look at the title bar on the screen. Press 
<F1> for help. 

4 Press <Insert>. 

5 From the “Select an Object Class” screen, choose the container object class you 
want to create. 

If the container object class you want to create does not appear, you cannot 
create that object in the selected container. Press <Esc> to return to the browser; 
then choose a different container type. 

6 Type the new container object name. 

7 Enter a Mailbox Focation and press <Enter>. 

If you are creating a Country object, you are not prompted to define a Mailbox 
Focation or create a user template. 


2-18 






Setting Up and Managing NetWare Directory Services Objects 

Creating Container Objects 


8 If you want to create a user template to be applied to new User objects created in 
this container, type “Y” and press <Enter>. If you do not want to create a user 
template, type “N” and press <Enter>. 

The user template is a User object named USER_TEMPLATE. 

A user template contains default information you can apply to users you create 
to give them default property values. 

9 Press <F10> to save the information. 

10 If you want to create another container object, choose “Yes.” If you do not, 
choose “No” and press <Enter>. 

If you choose “Yes,” you are prompted to type the new container object name. 
Repeat Step 6 through 9, and then continue with Step 11. 

If you choose “No,” then after a short delay the container object is displayed in 
the Directory tree. Continue with Step 11. 

11 To edit this object, press <F10>. 

A menu appears from which you can choose to view or edit properties of this 
object and make trustee assignments to this object and to files and directories. 

12 Choose an option from the “Actions” menu and add any necessary information. 

13 To exit, press <Esc> until you return to the “NetAdmin Options” menu. 

Additional Information 


For more information about 

Refer to 

Objects 

“Object” in Concepts 

Object properties 

“Property” in Concepts 

User templates 

“Managing User Templates” in chapter 2 

Using NETADMIN 

“NETADMIN” in Utilities Reference 
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Creating Leaf Objects 

Leaf objects represent network resources, such as users, computers, printers, 
and lists. They do not contain any other objects. 

You create leaf objects within a container object. Figure 2-2 lists the leaf 
objects you can create. (The icons represent the objects as they appear in 
NetWare Administrator.) 
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Figure 2-2 Leaf Objects You Can Create 


NOTE: The first three leaf objects in the figure - Message Routing Group, External Entity, 

and Distribution List - are NetWare MHS Services objects. They appear in NetWare 
Administrator only if you have installed NetWare MHS Services on your NetWare 
server. 


How to Use Leaf Objects 

Table 2-4 describes in alphabetical order each leaf object you can create and 
when to use it. 
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Table 2-4 Leaf Objects You Can Create 


Leaf object 


Description 


When to use 


Use this object to allow easier access to 
an object that is in another context. 

For example, you can use an Alias to 
represent a resource, such as a special 
printer, that most users in the tree need 
to access. 

Also, when you move or rename a 
container object in a Directory tree, 
you have the option of creating an alias 
in place of the moved or renamed 
object. If you select this option, 
NetWare Administrator automatically 
creates the alias for you and assigns it 
the same name as the original object. 

Creating an alias in place of a moved or 
renamed container object allows users 
to continue logging in to the network 
and see the container objects (and the 
objects it contains) in its original 
Directory location. 

Computer Represents a nonserver computer on Use this object to store information 

the network, such as a workstation or a about a nonserver computer, such as its 
router. network address, its serial number, or 

the person to whom the computer is 
assigned. 

This object has no effect on the 
operation of the network; it only stores 
information about the computer. 


Alias Points to another object in the 

Directory tree and makes it appear as 
if that object actually exists in the 
Directory tree where the alias is. 

Although an object appears both 
where it was actually created and 
where an alias referring to it was 
created, only one copy of the object 
really exists. 

If you delete or rename an alias, the 
object it is pointing to is not affected. 
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Table 2-4 Leaf Objects You Can Create 


Leaf object Description When to use 

Directory Map Represents a particular directory in the 
file system. Directory Map objects can 
be especially useful in login scripts by 
pointing to directories that contain 
applications or other frequently used 
files. 

For example, if you have a directory 
that contains DOS 5.0, you will 
probably map a search drive to that 
directory in the login scripts you 
create. Later, if you upgrade to DOS 
6.0 and rename the directory, you 
would have to change the mapping in 
every login script where that search 
mapping appears. 

With a Directory Map object, you 
change only the information in that 
one object. 

Distribution List Represents a list of mail recipients. Use this object to simplify sending 

mail. 

For example, you could create a 
Distribution List object called 
Recreation Committee. Anyone 
wanting to send a message to all the 
members of the Recreation Committee 
can simply address the message to 
Recreation Committee, rather to each 
member. 


Use this object to avoid making 
changes to many login scripts when the 
location of applications changes. 

For more information on Directory 
Map objects, see “Loading Operating 
Systems and Applications onto the 
Network” in Chapter 3. 
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Table 2-4 Leaf Objects You Can Create 


Leaf object 

Description 

When to use 

External Entity 

Represents a non-native NDS object 
that is imported into NDS or registered 
in NDS. 

NetWare MHS Services use external 
entity objects to represent users from 
non-NDS directories to provide an 
integrated address book for sending 
mail. 

If your messaging environment 
contains non-MHS servers, such as 
SMTP hosts, SNADS nodes, or X.400 
MTAs, you might choose to add users 
and lists at these servers to your 

NetWare database as External Entities. 

Adding these objects to the database as 
external entities adds them to the 
address books of your messaging 
applications. When addressing 
messages, local users can choose non- 
MHS users and lists from a directory 
list. 

Group 

Assigns a name to a group of User 
objects that can be located anywhere 
in the Directory tree. 

Create a Group object when you have 
many User objects that need the same 
trustee assignments. Rather than 
making many trustee assignments, you 
make just one trustee assignment to a 
Group object for all users who belong 
to the group. 

Message 

Routing Group 

Represents a group of messaging 
servers that can transfer messages 
directly with each other. 

Create a Message Routing Group when 
you have two or more messaging 
servers that need to communicate with 

each other. 
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Table 2-4 Leaf Objects You Can Create 


Leaf object 

Description 

When to use 

NetWare Server 

Represents a server running NetWare 
on your network. 

Stores information about the server in 
the NetWare Server object’s 
properties, such as the server’s 
address, the physical location of the 
server, and what services it provides. 

The NetWare Server object affects the 
network in that it is referred to by 
several other objects. 

Use the NetWare Server object to 
associate the physical server on the 
network with the Directory tree. 

Without this object, users cannot access 
file systems that are on that server’s 
volumes. 

If you have a non-NetWare 4.1 server, 
you must create this object to be able to 
access non-NetWare 4.1 volumes. 

When you create a NetWare Server 
object for a non-NetWare 4.1 server, 
the non-NetWare 4.1 server must be 
running. 

Organizational 

Defines a position or role within an 

Create an Organizational Role object 

Role 

organization. 

so that you can assign rights to a 
particular position rather than the 
person who occupies that position. The 
occupant may change frequently, but 
the responsibilities of that position do 
not. 

You can assign any user to be an 
occupant of the Organizational Role 
object because every occupant receives 
the same rights that you granted to the 
Organizational Role object. 

Print Queue 

Represents a print queue on the 
network. 

You must create a Print Queue object 
for every print queue on the network. 

This object cannot be created with 
NETADMIN. 

See Print Services for more 

information. 
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Table 2-4 

Leaf Objects You Can Create 


Leaf object 

Description 

When to use 

Print Server 

Represents a network print server. 

You must create a Print Server object 
for every print server on the network. 

This object cannot be created with 
NETADMIN. 

See Print Services for more 

information. 

Printer 

Represents a physical printing device 
on the network. 

You must create a Printer object for 
every printer on the network. 

This object cannot be created with 
NETADMIN. 

See Print Services for more 

information. 

Profile 

Contains a profile script (login script). 
When the Profile object is listed as a 
User object’s property, the Profile 
Object’s login script is executed when 
that User object logs in. The Profile 
login script executes after the system 
login script and before the user login 
script. 

Create a Profile object for a set of users 
who need to share common login script 
commands but who are not located in 
the same container in the Directory 
tree, or who are a subset of users in the 
same container. 
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Table 2-4 Leaf Objects You Can Create 


Leaf object 


Description 


When to use 


User 


Represents a person who uses your 
network. 

In the User object properties, you can 
set login restrictions, intruder 
detection limits, password and 
password restrictions, security 
equivalences, etc. 


You must create a User object for every 
user who needs to log in to the 
network. When you create a User 
object, you can create a home directory 
for that user. When you create User 
objects, you can also choose to apply a 
user template to the user that provides 
default property values. 

For users who have NetWare 4.1 
workstations, you can create the User 
objects anywhere in the Directory tree, 
but the users must know their context 
in order to log in. You should create 
User objects in the container where the 
users will typically log in. 

For users who have non-NetWare 4.1 
workstations, you must create the User 
objects in the container at which the 
bindery services context is set for the 
server that they need to log in to. 
(Bindery services is set by default for 
every NetWare 4.1 server that is 
installed.) Non-NetWare 4.1 users do 
not need to know their context because 
they log in to the server rather than to 
the Directory tree. 
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Table 2-4 Leaf Objects You Can Create 


Leaf object 


Description 


When to use 


Volume 


Represents a physical volume on the 
network. 

In the Volume object’s properties, you 
can enter identification information, 
such as the host server, volume 
location, etc. You can also set 
restrictions for use of the volume, such 
as space limits for users. 


You should create a Volume object for 
every physical volume on the network. 
During installation of NetWare® 4.1/ 
9000 NetWare Services on a server. 
Volume objects are created for every 
physical volume on that server. 

When you create a volume, you are 
prompted for the server name and the 
volume name on the server. That 
information is placed in the Volume 
object’s properties. 

You can use the Volume object to 
display the directories and files on that 
volume. 


Naming Leaf Objects 

The object naming rules described in the next section apply to most leaf 
objects. Special rules applying to NetWare Server objects and objects 
viewed through bindery services are described in separate sections. For rules 
about naming container objects, see “Naming Container Objects” in this 
chapter. 

Object Naming Rules 

Remember these rules when naming an object: 

• The name must be unique in the branch (container) of the Directory tree where 
the object is located. 

• The object name can be up to 64 characters in length. 

• You can use any special characters. But if the object needs to be accessed from a 
client running a version of NetWare earlier than NetWare 4.1, you should avoid 
using special characters (see the next section). 

• You can enter object names in either uppercase or lowercase. Object names are 
displayed with uppercase and lowercase letters as they were first entered, but they 
are not case sensitive. Therefore, “ManagerProfile” and “MANAGERPROFILE” 
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are considered to be identical names. 

• You can use both spaces and underscores, but they are both considered spaces. 
Therefore, “ManagerJProfile” and “Manager Profile” are considered to be 
identical names. 

If you use a space in a name, you must place quotation marks around that text 
string whenever you use a command line utility that includes that text string. 

NOTE: If you anticipate managing objects created from different code pages, you must limit 

object names and properties to those characters common to all the applicable code 
tables. 

Nondisplayable Unicode characters for your code page are represented by an ASCII 
3 character (a “heart” symbol). For more information, see “Unicode” in Concepts. 


Object Name Restrictions for Bindery Services 

When you create objects to be accessed from a client running a version of 
NetWare earlier than NetWare 4, the names of the objects must follow 
bindery naming rules or else the pre-NetWare 4 client does not recognize 
them. Object names in bindery services are interpreted as the following: 

• Spaces in object names are replaced by underscores. 

• Object names longer than 47 characters are cut off after the 47th character. 

You cannot use the following characters in an object name that must be 
accessed from a client running a version of NetWare earlier than NetWare 4: 

/ slash 

\ backslash 

: colon 

, comma 

• asterisk 

? question mark 
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Naming Restrictions for NetWare Server Objects 

The first NetWare Server object for a NetWare 4.1 server must be created 
with Directory Services Install. The object is given the same name as the 
physical server. Rules for naming physical servers appear in Help of 
Directory Services Install. 

If you create a NetWare Server object for a non-NetWare 4.1 server, you 
must use the physical server name as well, because NetWare Directory 
Services must search for the server on the network to verify its existence. 

For example, if you create a Server object for a NetWare 3™ server whose 
physical name on the network is SURFBOY, you must name the Server 
object SURFBOY. 

Because of these restrictions, you can never rename a NetWare Server 
object, even if you have the Supervisor object right to it. For more 
information on NetWare Server objects, see “Object” in Concepts. 

Creating Searchable Leaf Objects 

When you create an object, you enter various types of information about that 
object into its properties. An object’s properties can include a telephone 
number, a description, an address, etc. 

Many object properties are optional; you are not required to enter 
information about such properties to create the object. However, information 
in objects’ properties can help you hack and manage those objects. 

After you have created objects, you can use NetWare Administrator, 
NETADMIN, or NLIST to search for and list these objects. You can also 
search for the values contained in the objects’ properties. 

If you enter data into the properties in a consistent format, it is easier to 
search the Directory database for different types of information when you 
need them. 

For example, you may want to search for all User objects at a certain 
location, such as building Ml. You cannot easily list all objects located in 
building Ml if you have entered “Bldg. Ml,” “BLDG Ml,” and “Ml” as 
values in the Location property of multiple User objects. 
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Standardizing the value for the Location property for all User objects at the 
site (such as Ml, M2, and M3) makes it possible to search for objects 
located in each building. 

Creating Leaf Objects Using NetWare Administrator 
Prerequisites 

• A 386 or later workstation and NetWare Administrator 

• The Create object right to the container that will contain the new container object 

Procedure 

1 From the Windows Program Manager, click on the “NetWare Administrator” 
icon. 

2 Select the object that will contain the new leaf object. 

For information on moving around in the browser and selecting objects, press 
<F1>. 

If you are creating User objects, remember that users who are using non- 
NetWare 4.1 workstations must be created in the container where the bindery 
services context is set for the server that they need to log in to. 

NOTE: You can create User objects for users who have NetWare 4.1 workstations anywhere 

in the Directory tree, but the users must know their context in order to log in. You 
should create User objects in the container where the users will typically log in. 

3 From the “Object” menu, choose “Create.” 

4 Select the class of object you are creating from the “New Object” dialog box. 

If the class of object you selected does not appear under “New Object,” you 
cannot create this object in this container. Select or create another container to 
hold the object. 

5 Choose “OK.” 

Each type of leaf object that you create has a different “Create” dialog box. For 
details on each dialog box, choose “Help.” 

The property fields that are displayed in the “Create” dialog box are mandatory. 
You must enter information in these fields. 

The check boxes that are displayed in the “Create” dialog box are optional. 
Usually, you can select only one box, not both. 
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For example, if you select “Define Additional Properties,” the “Identification” 
page is displayed immediately after the object is created. Make this selection if 
you want to enter more information for the new leaf object at the time of 
creation. You can also enter additional property information later. 

If you select “Create Another Object,” another “Create” dialog box is displayed 
immediately after the object is created. 

6 Choose “Create.” 

Additional Information 


For more information about 

Refer to 

Objects 

“Object” in Concepts 

Using NetWare Administrator 

“NetWare Administrator” in Utilities 


Reference 

Using the object dialog in 

“NetWare Administrator” in Utilities 

NetWare Administrator 

Reference 


Creating Leaf Objects Using NETADMIN 
Prerequisites 

• A workstation running DOS 3.30 or later and NETADMIN 

• The Create object right to the object that will contain the new leaf object 

Procedure 

1 At the DOS prompt, type 

NETADMIN <Enter> 

For information on moving around in NETADMIN and selecting objects, press 
<F1> after starting the utility. 

2 From the “NetAdmin Options” menu, select “Manage Objects.” 

3 Select the container that will contain the new leaf object. 


The objects in the selected container are listed. 

To see if you are in the right context, look at the title bar on the screen. 
Press <F1> for help. 
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If you are creating User objects, remember that users who are using non- 
NetWare 4.1 workstations must be created in the container at which the bindery 
services context is set for the server that they need to log in to. 

You can create User objects for users who have NetWare 4.1 workstations 
anywhere in the Directory tree, but the users must know their context in order to 
log in. You should create User objects in the container where the users will 
typically log in. 

4 Press <Insert>. 

5 From the “Select an Object Class” screen, select the object class that you want to 
create. 

If the object class you want to create does not appear, you cannot create that 
object in the selected container. Press <Esc> to return to the browser; then select 
a different container type. 

6 Type the information you are prompted for and press <Enter>. 

Each leaf object that you create has a different dialog box. For details on each 
dialog box, press <F1> for help. 

7 If you want to create another leaf object, choose “Yes.” If you do not, choose 
“No.” 

If you choose “Yes,” you are prompted for information about the next object you 
want to add. Repeat Step 6 and then continue with Step 8. 

If you choose “No,” the leaf object is displayed in the Directory tree. Continue 
with Step 8. 

8 Press <F10> to edit this object. 

A menu appears from which you can choose to view or edit information about 
this object. 

9 Choose an option from the “Actions” menu and add any necessary information. 

10 To exit, press <Esc> until you return to the “NetAdmin Options” menu. 

Additional Information 


For more information about 

Refer to 

Objects 

“Object” in Concepts 

Using NETADMIN 

“NETADMIN” in Utilities Reference 
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Managing Groups of User Objects 

NetWare 4.1 allows you to manage User objects as a group, which is often 
more efficient than managing them individually. Six objects that can help 
you manage groups of User objects are described in Table 2-5. 


Table 2-5 Objects that Help Manage Users 


Object 

Description 

Organization 

Allows you to assign trustee rights, login scripts, and user defaults to the 
User objects in the Organization. 

Organizational Unit 

Allows you to assign trustee rights, login scripts, and user defaults to the 
User objects in the Organizational Unit. 

Group 

Provides an efficient way to manage one object, the Group object, instead 
of many individual User objects. 

Profile 

Allows you to set up a specific work environment by using a common login 
script for groups of users who need similar work environments but who are 
not located in the same container object. 

Organizational Role 

Allows you to assign rights to a particular position and set of 
responsibilities rather than to a person. The person who occupies that 
position may change frequently, but the responsibilities of that position do 
not. 

The difference between a Group object and an Organizational Role object 
is that a Group object usually has many members, whereas an 

Organizational Role object usually has only one or two members. 

USER_TEMPLATE 

Allows you to apply default property values to any user that you create in a 
container object. You can choose to apply the information in the user 
template when you create new User objects. The template is actually a User 
object named USER_TEMPLATE. 


2-33 






Setting Up and Managing NetWare Directory Services Objects 

Managing Groups of User Objects 

Managing Group Objects 

If you want a user to have access to an object, you must give the user a 
trustee assignment to that object. Rather than make trustee assignments to 
many users, you can create a Group object and make just one trustee 
assignment to grant access to all the users who belong to the Group. 

Here are some guidelines to follow when setting up a Group object: 

• Only User objects can be listed in a Group, and you can add User objects from 
any part of the Directory tree to a Group. 

A Group object is not a container. It does not “contain” User objects; users’ 
names are merely assigned to a Group object. 

• To create a Group object, see “Creating Leaf Objects” in this chapter. 

• You must create User objects before you can add them to the membership list of 
a Group object. See “Creating Leaf Objects” in this chapter for instructions on 
creating User objects. 

• After you have created a Group object and added User object names to it, you 
manage the rights of the Group object rather than the rights of the individual 
users. 

For example, suppose you have a word-processor application on the network 
that many users need to access. You could create a Group object named WORD 
PROCESSOR USERS and add the User object names of the users who need 
access to the application. 

Then, rather than granting file trustee rights to each of the User objects, you 
would grant the file trustee rights to the Group object WORD PROCESSOR 
USERS for the application and the working directory. 

• When a user is added to the membership list of a Group object, the Group is listed 
in that user’s Security Equal To property. The user is granted all rights that any 
object (User, Group, Printer, etc.) in that list is granted, both object and file rights. 

After you have created a Group object, use the procedures that follow to: 

• Add members to a Group object. 

• Give a Group object rights to files and directories. 

• Delete members from a Group object. 

You can use NetWare Administrator or NETADMIN to manage Group 
objects. Both procedures are described in this section. 
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Additional Information 

For more information 

about 

Refer to 

Groups 

“Group Objects” in Concepts 

Object and property rights 

“Rights Needed to Create and Manage 

Objects” in this chapter 

Using NETADMIN 

“NETADMIN” in Utilities Reference 

Using NetWare 
Administrator 

“NetWare Administrator” in Utilities 

Reference 


Adding Members to a Group Using NetWare Administrator 
Prerequisites 

• A 386 or later workstation and NetWare Administrator 

• The Write right to the Members property of the Group object 

• The Write right to the Security Equal To property of the User object 

• The Write right to the ACL (Access Control List) property of the Group object 

• The Group object must already exist, and the User objects you want to add as 
members of the Group must already exist 

Procedure 

1 Prom the Windows Program Manager, click on the “NetWare Administrator” 
icon. 

2 Select the Group object you want to edit. 

Lor information on moving around in the browser and selecting objects, press 
<F1>. 

3 From the “Object” menu, choose “Details.” 

4 Choose the “Members” button at the right side of the “Object” dialog box. 

5 Choose the “Add” button to browse the Directory tree for User objects. 

6 Browse the Directory tree until the User object you want appears in the “Objects” 
box. 

7 Choose “OK.” 
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8 Repeat Step 5 through Step 7 to add more User objects to the Group object. 

9 When you have finished adding User objects to the Group object, choose “OK” 
to save your changes and return to the browser. 

Adding Members to a Group Object Using NETADMIN 
Prerequisites 

• A workstation running DOS 3.30 and NETADMIN 

• The Supervisor right to the Group object, or the Write or Supervisor right to the 
Members property of the Group object 

• The Supervisor right to the Group object, or the Write or Supervisor right to the 
Security Equal To property of the User object 

• The Supervisor or Write right to the ACL property of the Group and User objects 

• The Group object must already exist, and the User objects you want to add as 
members of the Group must already exist 

Procedure 

1 At the DOS prompt, type 

NETADMIN <Enter> 

For information on moving around in NETADMIN and selecting objects, press 
<F1> after starting the utility. 

2 From the “NetAdmin options” menu, choose “Manage objects.” 

3 Browse the Directory until the Group object appears on the screen. 

Use the instructions at the bottom of the screen to browse the directory. Press 
<F1> for help. 

4 When the Group object appears in the “Object” list, select it and press <F10>. 
The “Actions” menu appears. 

5 Choose “View or Edit Properties of This Object.” 

6 From the “View or Edit Group” menu, choose “Group Members.” 

7 At the “Group Members” screen, press <Insert> and then press <Insert> again to 
browse for the User object you want to add to the Group object. 

8 When the User object you want to add appears in the Directory, select it and press 
<F10>. 
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9 When the selected User object appears in the “ Members” screen, press <Enter>. 
To select (mark) multiple User objects, press <F5>. 

10 Continue to press <Insert> and select User objects until you have added all the 
users you want as Group members. 

11 To save the list of Group members, press <F10>. 

12 To exit, press <Esc> until you return to the “NetAdmin Options” menu. 

Giving Group Object Rights to Files and Directories Using NetWare 
Administrator 

Prerequisites 

• A 386 or later workstation and NetWare Administrator 

• The Read object right to the Volume object 

• Rights to the file system 

Procedure 

1 From the Windows Program Manager, click on the “NetWare Administrator” 
icon. 

2 Select the Group object you want to edit. 

For information on moving around in the browser and selecting objects, press 
<F1>. 

3 From the “Object” menu, choose “Details.” 

4 Select the “Rights to File System” button on the right side of the “Object” dialog 
box. 

5 To choose a Volume, select “Include.” 

A list of Volumes appears in the “Select Object” box. You can also browse the 
Directory for a Volume. 

6 From the “Volumes” list, select the volume that contains the directory or file. 

7 Choose “Add." 

8 Select the Volume that contains the directory or file you want to grant rights to. 

9 From the “Files and Directories” dialog box, select the directory or file that you 
want to grant rights to. 
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The default rights that make up this object’s trustee assignment to the file or 
directory appear in the “Rights” area. 

10 Select the check boxes next to the rights that you want to add. 

You must have the Access Control right to the file or directory to make trustee 
assignments to the file or directory. 

11 Choose “OK.” 

The new trustee assignment is now effective for this object. 

Giving a Group Object Rights to Files and Directories Using NETADMIN 
Prerequisites 

• A workstation running DOS 3.30 and NETADMIN 

• The Read object right to the Volume object 

• Rights to the file system 

Procedure 

1 At the DOS prompt, type 

NETADMIN <Enter> 

For information on moving around in NETADMIN and selecting objects, press 
<F1> after starting the utility. 

2 From the “NetAdmin Options” menu, choose “Manage Objects.” 

3 Browse the Directory until the Group object appears on the screen. 

Use the instructions at the bottom of the screen to browse the directory. Press 
<F1> for help. 

4 When the Group object appears in the “Object” list, select it and press <F10>. 
The “Actions” menu appears. 

5 Choose “View or Edit Rights to Files and Directories.” 

6 Select a Volume object where you want to make the Group object the trustee of 
a directory or file. 

Press <Insert> to type the Volume object name or press <Insert> twice to browse 
the Directory tree. 

7 Press <Insert> to type a beginning pathname to the directories in which you want 
to make trustee assignments, or press <Insert> again to browse for the path. 
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8 Select “Directories/Files” and press <Enter>. 

Choose whether you want to view files, directories, or both when you are 
selecting one to give a trustee assignment to. 

9 Select “Trustee Search Depth” and press <Enter>. 

Choose whether you want to view only the files or directories in the current 
directory, or to search subdirectories. 

10 To list the trustee assignments, press <F10>. 

The “Trustee Directory Assignments” screen appears. 

11 To select a directory or file in which the Group object should be added as a 
trustee, press <Insert>. 

12 To accept the directory you specified earlier, press <Enter>; or, to browse for the 
file system directories, press <Insert>. 

13 To add or delete the rights, select “Trustee Directory, Rights” and press <Enter>. 
The “Trustee Rights Granted” menu appears. 

14 To view or add rights that are not yet granted, press <Insert>. 

Press <F1> if you need help. 

15 To save the trustee assignments, press <F10>. 

16 Continue selecting directories and files and granting rights until finished. 

17 To exit, press <Esc> until you return to the “NetAdmin Options” menu. 

Deleting Members from a Group Object Using NetWare Administrator 
Prerequisites 

• A 386 or later workstation and NetWare Administrator 

• The Supervisor right to the Group object, or the Write or Supervisor right to the 
Members property of the Group object 

• The Supervisor right to the Group object, or the Write or Supervisor right to the 
Security Equal To property of the User object 

• The Supervisor or Write right to the ACL property of the Group and User objects 

Procedure 

1 From the Windows Program Manager, click on the “NetWare Administrator” 
icon. 
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2 Select the Group object you want to edit. 

For information on moving around in the browser and selecting objects, press 
<F1>. 

3 From the “Object” menu, choose “Details.” 

4 Select the “Members” button at the right side of the “Object” dialog box. 

The list of User objects for this group appears. 

5 From the “Members” dialog box, select the name you want to delete. 

6 Choose “Delete.” 

7 If you want to delete other names, continue selecting names and choosing 
“Delete.” 

You can delete several users at a time by holding down the button on the mouse, 
dragging the mouse arrow over the names, and choosing “Delete.” 

8 When you have finished deleting members, choose “OK” to save your changes 
and return to the browser. 

Deleting Members from a Group Object Using NETADMIN 
Prerequisites 

• A workstation running DOS 3.30 and NETADMIN 

• The Supervisor right to the Group object, or the Write or Supervisor right to the 
Members property of the Group object 

• The Supervisor right to the Group object, or the Write or Supervisor right to the 
Security Equal To property of the User object 

• The Supervisor or Write right to the ACL property of the Group and User objects 

Procedure 

1 At the DOS prompt, type 

NETADMIN <Enter> 

For information on moving around in NETADMIN and selecting objects, press 
<F1> after starting the utility. 

2 From the “NetAdmin Options” menu, choose “Manage Objects.” 

3 Browse the Directory tree until the Group object appears on the screen. 
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Use the instructions at the bottom of the screen to browse the directory. Press 
<F1> if you need help. 

4 When the Group object appears in the “Object” list, select it and press <F10>. 
The “Actions” menu appears. 

5 Choose “View or Edit Properties of This Object.” 

6 From the “View or Edit Groups” menu, select Group members. 

7 Select the User object you want to delete from the Group object and press 
<Delete>. 

To select multiple User objects, press <F5>. 

8 To confirm the deletion, choose “Yes.” 

9 To exit, press <Esc> until you return to the “NetAdmin Options” menu. 

Managing Profile Objects 

Profile objects contain login scripts that are used by groups of users who 
need similar work environments but who are usually not located in the same 
container object. 

When a Profile object is named in a User object, the Profile login script 
executes when the user logs in after any login script in the Organization or 
Organizational Unit has executed. 

Users can have only one Profile, so only one Profile script can execute for 
any user. 

For information about creating a login script, see Chapter 5,“Customizing 
the User Environment.” 

For an example of a login script used in a Profile object, see “Profile Login 
Script” in Chapter 5. 

You can use NetWare Administrator or NETADMIN to create a Profile 
object. Both procedures are described in this section. 


Additional Information 

For more information about 

Refer to 

Profile objects 

“Profile object” in Concepts 
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For more information about 

Refer to 

Creating login scripts 

Chapter 5, “Customizing the User 
Environment” 

Using NETADMIN 

“NETADMIN” in Utilities Reference 

Using NetWare Administrator 

“NetWare Administrator” in Utilities 
Reference 


Creating Profile Objects Using NetWare Administrator 
Prerequisites 

• A 386 or later workstation and NetWare Administrator 

• The Create object right to the object that will contain the new Profile object 

Procedure 

1 From the Windows Program Manager, click on the “NetWare Administrator” 
icon. 

2 Select the object that will contain the new Profile object. 

For information on moving around in the browser and choosing objects, press 
<F1>. 

Only Organization and Organizational Unit objects can contain Profile objects. 

3 From the “Object” menu, choose “Create.” 

4 Under “New Object,” choose “Profile.” 

The “Create Profile” dialog box appears. 

If “Profile” does not appear under “New Object,” you cannot create Profile 
objects in this container; select or create another object to contain the Profile 
object. 

5 Choose “OK.” 

6 Type the Profile object name in the box provided. 

7 (Optional) Select “Define additional properties.” 

Select this option if you want to write a Profile login script or supply additional 
information about the new Profile object. Instructions for creating a Profile 
script are in Chapter 5 “Customizing the User Environment.” 
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8 Choose “Create.” 

If you selected “Define Additional Properties,” the “Identification” dialog box 
appears. 

9 (Optional) Enter information in the fields provided in the “Identification” page of 
the “Object” dialog box. 

10 (Optional) Choose the “See Also” button at the right side of the object dialog box. 

The “See Also” page allows you to add information about the Profile object you 
are creating. For example, you might list the User objects to whom you have 
assigned this script. 

Choose “Help” at any time for information on the current task. 

11 (Optional) Choose the “Login Script” page at the right side of the “Object” dialog 
box to add commands to the Profile login script. 

Use this page to specify commands that execute when a user logs in, such as a 
drive mapping command. 

12 To save the new Profile object and return to the browser, choose “OK.” 

Creating Profile Objects Using NETADMIN 
Prerequisites 

• A workstation running DOS 3.30 or later and NETADMIN 

• The Create object right to the object that will contain the new Profile object 

Procedure 

1 At the DOS prompt, type 

NETADMIN <Enter> 

For information on moving around in NETADMIN and selecting objects, press 
<F1> after starting the utility. 

2 From the “NetAdmin Options” menu, select “Manage Objects.” 

3 Select the object that will contain the new Profile object. 

The objects in the selected container are listed. To see if you are in the right 
context, look at the title bar on the screen. Press <F1> for help. 

4 Press <Insert>. 

5 Select “Profile.” 
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If the Profile object class does not appear, you cannot create that object in the 
selected container. Press <Esc> to return to the browser, and then select a 
different container type. 

6 Type the new Profile object name and press <Enter>. 

7 If you want to create another Profile object, choose “Yes.” If you do not, choose 
“No.” 

If you choose“Yes,” you are prompted to type the new Profile object name. 
Repeat Step 3 and Step 7, and then continue with Step 8. 

If you choose “No” then the Profile object is displayed in the Directory tree. 
Continue with Step 8. 

8 To edit this object, press <F10>. 

A menu appears from which you can choose to view or edit information about 
this object. 

9 Choose “View or Edit Properties of This Object.” 

10 Choose “Login Script.” 

11 To enter new commands for this Profile login script, choose “No”; or, to copy a 
login script from another object, choose “Yes.” 

The commands you place in the Profile login script are executed when users who 
belong to this Profile object log in. 

Press <F1> for information on the commands or see “Login Script Commands 
and Variables” in Chapter 5. 

12 To save your changes, press <F10>. 

13 To exit, press <Esc> until you return to the “NetAdmin Options” menu. 

Managing Organizational Role Objects 

An Organizational Role object allows you to assign rights to a particular 
position rather than to the person who occupies that position. The people 
who occupy that position may change frequently, but the responsibilities of 
that position do not. 

The user assigned to an Organizational Role is called the occupant and is 
granted all rights that are granted to the Organizational Role object. 
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For example, you decide that you need a print manager for SALES. You 
create an Organizational Role object called PRINT MANAGER. You grant 
the PRINT MANAGER object all object rights to all the Printer, Print 
Queue, and Print Server objects in that part of the Directory tree. 

You may also grant the PRINT MANAGER object the property rights to the 
Print Job Configuration property of users. 

You can assign anyone to the PRINT MANAGER object without having to 
re-create all the trustee assignments. 

When a user is added to the occupant list of an Organizational Role object, 
the Organizational Role is listed in that user’s “Security Equal To” property. 
The user is granted all rights that any object (User, Group, Printer, etc.) in 
that list is granted, both to objects and to files and directories. 

You can use NetWare Administrator or NETADMIN to create an 
Organizational Role object. Both procedures are described in this section. 


Additional Information 

For more information about 

Refer to 

Organizational Role object 

“Organizational Role object” in Concepts 

Security equivalence 

“Security Equal To” in Concepts 

Using NETADMIN 

“NETADMIN” in Utilities Reference 

Using NetWare Administrator 

“NetWare Administrator” in Utilities 
Reference 


Creating Organizational Role Objects Using NetWare Administrator 
Prerequisites 

• A 386 or later workstation and NetWare Administrator 

• The Create object right to the object that will contain the new Organizational Role 
object 

Procedure 

1 From the Windows Program Manager, click on the “NetWare Administrator” 
icon. 
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2 Select the object that will contain the new Organizational Role object. 

For information on moving around in the browser and selecting objects, press 
<F1>. 

Only Organization and Organizational Unit objects can contain Organizational 
Role objects. 

3 From the “Object” menu, choose “Create.” 

4 From the “New Object” dialog box, choose “Organizational Role.” 

If “Organizational Role” does not appear under “New Object,” you cannot 
create Organizational Role objects in this container. Select or create another 
object to contain the Organizational Role object. 

5 Choose “OK.” 

The “Create Organizational Role” dialog box appears. 

6 Type the Organizational Role object name in the box provided. 

7 (Optional) “Select Define Additional Properties.” 

8 Select the “Create” button at the bottom of the window. 

The “Identification” page of the “Object” dialog box appears. 

9 Enter information in the fields provided in the “Identification” dialog box. 

10 Choose the button to the right of “Occupant.” 

11 Choose “Add.” 

The “Select Object” window appears. 

12 Select User objects from the “Directory Context” window until the objects you 
want are shown in the “Object” window. 

13 Select the User object in the left window to occupy the Organizational Role; then 
choose “OK.” 

The object you selected appears in the “Occupant” window. 

14 Choose “OK” in the “Occupant” window. 

15 When you are finished adding User objects as Occupants, choose “OK” in the 
“Organizational Role” window. 

16 (Optional) Select the “See Also” button at the right side of the object dialog box. 
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The “See Also” page allows you to add information about the Organizational 
Role object you are creating. For example, you might list the User objects that 
you have assigned as occupants. 

17 To save the new Organizational Role object and return to the browser, choose 
“OK.” 

Creating Organizational Role Objects Using NETADMIN 
Prerequisites 

• A workstation running DOS 3.30 and NETADMIN 

• The Create object right to the object that will contain the new Organizational Role 
object 

Procedure 

1 At the DOS prompt, type 

NETADMIN <Enter> 

For information on moving around in NETADMIN and selecting objects, press 
<F1> after starting the utility. 

2 From the “NetAdmin Options” menu, choose “Manage Objects.” 

3 Select the object that will contain the new Organizational Role object. 

The objects in the selected container are listed. 

To see if you are in the right context, look at the title bar on the screen. Press 
<F1> for help. 

4 Press <Insert>. 

5 Select “Organizational Role.” 

If the Organizational Role object class does not appear, you cannot create that 
object in the selected container. Press <Esc> to return to the browser, and then 
select a different container type. 

6 Type the new Organizational Role object name. 

7 Type the Mailbox Focation and press <Enter>. 

8 If you want to create another Organizational Role object, choose “Yes.” If you do 
not, choose “No.” 

If you choose “Yes,” you are prompted to type the new Organizational Role 
object name. Repeat Step 6 and then continue with Step 9. 
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If you choose “No,” then the Organizational Role object is displayed in the 
Directory tree. Continue with Step 9. 

9 To edit this object, press <F10>. 

A menu appears from which you can choose to view or edit information about 
this object. 

10 Choose “View or Edit Properties of This Object.” 

11 From the “View or Edit Organizational Role” menu, choose “Identification.” 

12 Specify a User object for the Organizational Role. 

a Select the field next to “Occupant” and press <Enter>. 
b Press <Insert>. 

c Type the complete name of a User object in the space provided, or press 
<Insert> to browse the Directory tree and select a User object to be the 
occupant of the Organizational Role. 

The path from the object to the Root of the Directory tree forms the object’s 
complete name. 

13 Select additional User objects as needed. 

14 To save the list of occupants, press <F10>. 

15 Enter information in other fields as needed. 

16 To save changes, press <F10>. 

17 To exit, press <Esc> until you return to the “NetAdmin Options” menu. 

Managing User Templates 

A user template contains default information that you can apply to User 
objects to give them default property values. 

Use these guidelines as you create user templates: 

• You can create a user template in an Organization or Organizational Unit object, 
either when you create the container object or later on. 

• When you create a User object, you are prompted to use the defaults in the user 
template. If you do, the property values you entered in the user template, such as 
login time restrictions, password restrictions, etc., are copied into the User 
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object’s properties. 

• The user template is actually a User object named USER_TEMPLATE. You 
enter information in this User object just as you would for any other User object. 
However, not all properties of a User object can be copied from a user template. 

• You can copy information from the parent container’s user template. For 
example, if you create a user template in SALES.O=ACME, you are prompted to 
copy the user template from ACME, if one exists; thus, you avoid having to re¬ 
enter similar information for lower-level containers. 

• User template information is taken from the nearest parent container. If the 
container object in which you create a User object does not have a user template, 
you can apply the parent container’s user template to the User object. 

When working with user templates, remember the following: 

• Changing values in a user template does not change values in existing User 
objects. The changes apply only to User objects created after changing the user 
template values. 

• To update information for existing users, you must enter the changes for each 
User object. 

• You cannot use a user template to grant NDS or file system rights. 

You can use NetWare Administrator or NETADMIN to create a user 

template. Both procedures are described in this section. 

Additional Information 


For more information on 

Refer to 

User defaults 

“User template” in Concepts 

User objects 

“User object” in Concepts 

Using NETADMIN 

“NETADMIN” in Utilities Reference 

Using NetWare 

“NetWare Administrator” in Utilities 

Administrator 

Reference 
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Creating and Editing User Templates with NetWare Administrator 
Prerequisites 

• A 386 or later workstation and NetWare Administrator 

• The Create object right to the object that will contain the user template 

Procedure 

1 From the Windows Program Manager, click on the “NetWare Administrator” 
icon. 

2 Select the object that will contain the new user template. 

For information on moving around in the browser and selecting objects, press 
<F1>. 

Only Organization and Organizational Unit objects can contain User objects. 

3 From the “Object” menu, select “User Defaults.” 

4 If you want the new user template to inherit the properties from the parent 
container’s user template, choose “Yes.” If not, choose “No.” 

If there is no parent container, this prompt does not appear. Continue with Step 

5 . 

If you choose “Yes,” a USER_TEMPLATE User object is created and the first 
page of defaults, “Identification,” appears with the same information that is in 
the parent container’s user template. 

If you choose “No,” a USER_TEMPLATE User object is created and the first 
page of defaults, “Identification,” appears. 

5 (Optional) On the “Identification” page, enter or change the information that you 
want to apply to new User objects. 

For example, the location for all User objects to which you will apply the 
template might be New York. You would type “New York” in the “Location” 
field. 

6 Select other USER_TEMPLATE pages as needed and enter the template 
information. 

7 To save the user template and return to the browser, choose “OK.” 
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Creating and Editing User Templates with NETADMIN 

Prerequisites 

• A workstation running DOS 3.30 or later and NETADMIN 

• The Create object right to the object that will contain the user template 

Procedure 

1 At the DOS prompt, type 

NETADMIN <Enter> 

For information on moving around in NETADMIN and selecting objects, press 
<F1> after starting the utility. 

2 From the “NetAdmin Options” menu, select “Manage Objects.” 

3 Browse the Directory tree to find and select the container object in which you 
want to add a new container object. 

The objects in the selected container are listed. 

To see if you are in the right context, look at the title bar on the screen. Press 
<F1> for help. 

4 Press <Insert>. 

5 From the “Select an Object Class” screen, select the container type that you want 
to create. 

If the container object class you want to create does not appear, you cannot 
create that object in the selected container. Press <Esc> to return to the browser, 
and then select a different container type. 

6 Type the new container object name and press <Enter>. 

7 If you want to create a user template to be applied to new User objects created in 
this container, type “Y” and press <Enter>. 

You are not prompted to create a user template if you are creating a Country 
container object. 

8 Choose “View or Edit Properties of This Object.” 

9 Choose “Edit Template User.” 

The “View or Edit User” screen appears. 

10 Enter or change the values of the user template as needed. 
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The help line at the bottom of the screen gives information on each option as you 
highlight it. 

For more information, press <F1>. 

11 To save the information, press <F10>. 

12 To exit, press <Esc> until you return to the “NetAdmin Options” menu. 
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Searching for Objects 

When you want to find information in the Directory database without 
opening numerous containers to view the objects, you can use the Search 
feature. 

With the Browse object right, you can search for object classes anywhere in 
the Directory tree. With the Compare property right, you can search for 
objects that have properties that match a particular value. 

You can search for objects using NetWare Administrator, NETADMIN, or 
NLIST. All procedures are described in this section. 

Searching for Objects Using NetWare Administrator 

NetWare Administrator searches each object in the Directory database 
unless you narrow the search by specifying properties in combination with 
additional variables such as “less than” or “equal to.” 

For example, to find all users in New York, you could search for User 
objects with State or Province Name “equal to” New York. The Search 
feature then displays objects that meet the search criteria. 

Prerequisites 

• A 386 or later workstation and NetWare Administrator 

• The Browse object right to the object you want to see in the search 

Procedure 

1 From the Windows Program Manager, click on the “NetWare Administrator” 
icon. 

2 Select an object in the Directory tree where the search should start. 

3 From the “Object” menu, select “Search.” 

A “Search” window appears. 

4 Select the browser icon to the right of the “Start From” field to select an object 
from which to start the search. 
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5 Specify how much of the Directory tree to search. 

• To search everything below the “Start From” object, select “Search Entire 
Subtree.” 

• To search only among objects one level below the “Start From” object, 
continue with Step 6. 

6 Select the down-arrow to the right of the “Search For” field to select an object 
class to search. 

• If you want all the objects of this selected object class to be listed, choose 
“OK.” 

• If you want only objects that have properties that match certain criteria to be 
listed, continue with Step 7. 

7 (Optional) Select the down-arrow to the right of the “Property” field to select 
which property’s value will be examined. 

The properties in this list change depending on which object class you selected 
in the “Search For” field. 

8 (Optional) Select how you want to compare a value to the selected property. 
You can select “Equal To,” “Greater Than,” “Fess Than,” or other choices. 

9 (Optional) Enter a value in the field to the right of the comparison method that 
you entered in Step 8. 

For example, if you are searching for a Profile object that has the value 
“Manager’s Profile” in the Other Names property, you might select the property 
“Other Names,” then use the comparison method “Equal To” and the value of 
“Manager’s Profile.” 

10 Choose “OK.” 

Objects that match your selections are displayed in a “Search Results” window. 

Additional Information 


For more information about 

Refer to 

Properties 

“Property” in Concepts 

Using NetWare Administrator 

“NetWare Administrator” in Utilities 
Reference 
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Searching for Objects Using NETADMIN 

NETADMIN searches each object in the Directory database unless you 
narrow the search by specifying properties in combination with additional 
variables such as “less than” or “equal to.” 

For example, to find all users in New York, you could search for User 
objects with State or Province Name “equal to” New York. The Search 
feature then displays objects that meet the search criteria. 

Prerequisites 

• A workstation running DOS 3.30 or later and NETADMIN 

• The Browse object right to the object you want to see in the search 

Procedure 

1 At the DOS prompt, type 

NETADMIN <Enter> 

For information on moving around in NETADMIN and selecting objects, press 
<F1> after starting the utility. 

2 From the “NETADMIN Options” menu, choose “Manage According to Search 
Pattern.” 

3 Enter the object name you want to search on in the “Enter Object Name” field, 
use * to view all objects, or limit the search by combining characters with the *. 

For example, if you want to view all objects whose names begin with “P,” enter 
“P*” in the “Enter Object Name” field. 

4 In the “Object Class” field, select the object class or classes for which you want 
to search. To search for all object types, select “/All classes/.” 

a Press <Enter> to select the object classes. 

b If the object classes you want to search on don’t appear in the “Object Classes 
Included” screen, press <Insert> to select additional object classes. 

5 If you want to view an Alias object as an alias and not as the object the alias 
represents, choose “Yes” in the “Show Alias Class” field. 

6 Press <F10>. 

Objects that match your selections are displayed in the browse screen. 

Additional Information 
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For more information about 

Refer to 

Properties 

“Property” in Concepts 

Using NETADMIN 

“NETADMIN” in Utilities Reference 


Searching for Objects Using NLIST 

NLIST is a workstation command line utility that allows you to 

• List objects and object properties. 

• View information about such objects as users, groups, volumes, and servers (such 
as object properties, names, property groups, and login information). 

• Search for objects and object properties (including groups of properties for 
objects) on NetWare 2 and NetWare 3 servers. 

For information about using the NLIST command, see “NLIST” in Utilities 
Reference. 
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Moving Objects in the Directory Tree 

While previous versions of NetWare allowed you to move only leaf objects, 
NetWare 4.1 allows you to move both leaf objects and container objects to 
other containers in the Directory free. 

When you move a leaf or container object, NDS changes all references to 
the moved object. Although the object’s common name remains unchanged, 
the context name of the object (and of all its subordinates) changes. 

Keep the following in mind when you move container objects: 

• You can move a container object only if it is the Root of an NDS partition that 
has no subordinate partitions. 

• When you move a container object, you should create an alias object that points 
to the container object you are moving. Then users can continue to log in to the 
network and find the container object in its original Directory location. 

• Because the context of a container object changes when you move it, users whose 
name context in their configuration file (NET.CFG file) references the moved 
container need to update their NET.CFG so that it references the container’s new 
name. 

To automatically update users’ NET.CFG files with a new name context after 
you move a container object, use the NCUPDATE utility. For instructions, see 
“NCUPDATE” in Utilities Reference. 

NOTE: If you move a container object and do not create an alias, users who are unaware of 

the object’s new location will not easily find the object in the Directory tree, since 
they will look for it in its original Directory location. 

Also, users may not be able to log in if the name context in their configuration file 
(NET.CFG file) references the moved container. 


You can use NetWare Administrator or NETADMIN to move objects in the 
Directory tree. Both procedures are documented in this section. 

Moving Leaf Objects Using NetWare Administrator 

NetWare Administrator lets you move objects using either dialog boxes or 
the drag-and-drop method. Both are documented here. 
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Using Dialog Boxes 
Prerequisites 

• A 386 or later workstation and NetWare Administrator 

• The Browse object right to the object you want to see in the search 

Procedure 

1 From the Windows Program Manager, click on the “NetWare Administrator” 
icon. 

2 From the browser window, select one or more leaf objects. 

To select multiple leaf objects, press <Ctrl> on the keyboard and, without 
releasing <Ctrl>, select the objects with the mouse. 

3 From the “Object” menu, choose “Move.” 

4 Select the browser button to the right of the “Destination” box. 

The “Directory Context” box appears in the lower right corner of the screen. Use 
this field to browse the Directory tree’s containers. 

The “Objects” box that appears in the lower left corner shows the containers that 
appear when you browse the Directory. 

5 From the “Objects” box, select a container object (an Organization or 
Organizational Unit) as the location to move the listed objects to; then choose 
“OK.” 

6 In the “Move” dialog box, choose “OK.” 

The listed objects are moved to the destination container. 

Additional Information 


For more information about 

Refer to 

Objects 

“Object” in Concepts 

Rights 

“Rights” in Concepts 

Using NetWare Administrator 

“NetWare Administrator” in Utilities 
Reference 
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Using Drag-and-Drop 
Prerequisites 

• A 386 or later workstation and NetWare Administrator 

• The Supervisor right for the object you want to move 

• The Create object right to the destination container 

Procedure 

1 From the Windows Program Manager, click on the “NetWare Administrator” 
icon. 

2 (Optional) From the “Tools” menu, open another browser window by selecting 
“Browse.” 

If you can see both the object and the destination container in one browser 
window, it is not necessary to open two browser windows. Go directly to Step 4. 

3 Reshape the browser windows, using the window borders, so that you can view 
both windows at once. 

4 From one of the browser windows, select one or more leaf objects. 

To select multiple leaf objects, press <Ctrl>, and without releasing <Ctrl> select 
the objects with the mouse. 

5 Press <Ctrl> and, without releasing <Ctrl>, click and hold down on the object(s) 
and drag the object(s) to the destination container; then release the mouse button. 

6 In the “Move” dialog box, choose “OK.” 

The listed objects are moved to the destination container. 

Additional Information 


For more information about 

Refer to 

Objects 

“Object” in Concepts 

Rights 

“Rights” in Concepts 

Directory tree 

“Directory tree” in Concepts 

Using NetWare Administrator 

“NetWare Administrator” in Utilities 
Reference 
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Moving Leaf Objects Using NETADMIN 
Prerequisites 

• A workstation running DOS 3.30 or later and NETADMIN 

• The Supervisor right to the object you want to move 

• The Create object right to the destination container 

Procedure 

1 At the DOS prompt, type 

NETADMIN <Enter> 

For information on moving around in NETADMIN and selecting objects, press 
<F1> after starting the utility. 

2 From the “NetAdmin Options” menu, select “Manage Objects.” 

3 Select the object that you want to move. 

• If the object you want to move appears on the list, select it and press <F10>. 

• If the object is not on the list, browse the Directory tree by selecting container 
objects and pressing <Enter> until you see the object you want. Select it and 
press <F10>. 

4 From the “Actions” menu, choose “Move.” 

5 Using the down-arrow key to reach the field, highlight the “New Context” field. 

6 Assign a new context to the object you want to move. 

• If you know the new context that you want the object to be in, type the new 
context in the highlighted field. 

• If you do not know the new context that you want to object to be in, press 
<Insert> twice to browse the Directory tree for the destination container; then 
select the destination container and press <F10>. 

7 To accept the new context as the destination container, press <Enter>. 

8 To confirm that you want to move the object listed in the “Old Context” field to 
the container listed in the “New Context” field, press <F10>. 

The selected object is moved to the destination container. 

You may need to wait for processes throughout the Directory tree to complete 
before you can move this object again. 

Additional Information 
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For more information about 

Refer to 

Objects 

“Object” in Concepts 

Rights 

“Rights” in Concepts 

Directory tree 

“Directory tree” in Concepts 

Using NETADMIN 

“NETADMIN” in Utilities Reference 


Moving Container Objects Using NetWare Administrator 
Prerequisites 

• A 386 or later workstation and NetWare Administrator 

• The Supervisor right to the object you want to move 

• The Create object right to the destination container 

Procedure 

1 From the Windows Program Manager, click on the “NetWare Administrator” 
icon. 

2 From the “Tools” menu, choose “Partition Manager.” 

3 From the “Partition Manager” browser, select the partition that you want to move. 

You can move a container object only if it is the Root of an NDS partition, and 
only if it contains no subordinate partitions. 

In Partition Manager, the partition icon appears to the left of the object icon. If 
the container you want to move is not a partition, select the container and choose 
“Create as New Partition.” 

4 From the “Object” menu, choose “Move Partition.” 

5 Select the browser button to the right of the “Destination” box. 

Use the browser in the “Directory Context” box to view the Directory tree’s 
containers. 

The “Objects” box that appears in the lower left corner shows the containers that 
you can select in the “Directory Context” box. 

6 From the “Objects” box, select a container object (an Organization or 
Organizational Unit) as the location to move the listed objects to; then choose 
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“OK.” 

7 Choose “Create Alias in Place of Moved Container.” 

The Alias object will point to the partition's new location. 

8 In the “Move” dialog box, choose “OK.” 

If you choose to create an alias in place of the moved container, NetWare 
Administrator polls for the creation of the Alias object before it moves the 
selected partition. 

If you moved a container and created an alias in its place, you should use the 
NCUPDATE utility to update the name context of users in the moved container. 
For instructions, see “NCUPDATE” in Utilities Reference. 

If you move a container object and do not create an alias, users who are 
unaware of the object’s new location will not easily find the object in the 
Directory tree, since they will look for it in its original Directory location. 

Also, users may not be able to log in if the name context in their 
configuration file (NET.CFG file) references the moved container. 

Additional Information 


For more information about 

Refer to 

Objects 

“Object” in Concepts 

Rights 

“Rights” in Concepts 

Alias objects 

“Alias object” in Concepts 

Directory tree 

“Directory tree” in Concepts 

NCUPDATE 

“NCUPDATE” in Utilities Reference 

Using NetWare Administrator 

“NetWare Administrator” in Utilities 
Reference 


Moving Container Objects Using NETADMIN 

Prerequisites 

• A workstation running DOS 3.30 or later and NETADMIN 

• The Create object right to the destination container 
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Procedure 

1 At the DOS prompt, type 

NETADMIN <Enter> 

For information on moving around in NETADMIN and selecting objects, press 
<F1> after starting the utility. 

2 From the “NetAdmin Options” menu, choose “Manage Objects.” 

Your current context appears in the upper left corner. 

3 Select the object that you want to move. 

• If the object you want to move appears on the list, select it and press <F10>. 

• If the object is not on the list, browse the Directory tree by selecting container 
objects and pressing <Enter> until you see the object you want. Select it and 
press <F10>. 

4 From the “Actions” menu, choose “Move.” 

You can move a container object only if it is the Root of an NDS partition, and 
only if it contains no subordinate partitions. 

In NETADMIN, when you select a container object that is a partition, the 
context-sensitive help at the bottom of the screen reads “This is a partition.” 

If the container you want to move is not a partition, you must first use a partition 
management utility (PARTMGR or NetWare Administrator) and create the 
container as a new partition. 

5 Using the down-arrow key to reach the field, highlight the “New Context” field. 

6 Assign a new context to the object you want to move. 

• If you know the new context that you want the object to be in, type it in the 
highlighted field. 

• If you do not know the new context that you want the object to be in, press 
<Insert> twice to browse the Directory for the destination container; then 
select the destination container and press <F10>. 

7 To accept the new context as the destination container, press <Enter>. 

8 To confirm that you want to move the object listed in the “Old Context” field to 
the container listed in the “New Context” field, press <F10>. 

9 To create an alias in place of the moved container, choose “Yes.” 

The Alias object will point to the partition's new location. 
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The selected object is moved to the destination container. 


NOTE: You need to wait for processes throughout the Directory tree to be completed before 

you can move this object again. 


If you moved a container and created an alias in its place, you should use the 
NCUPDATE utility to update the name context of users in the moved container. 
For instructions, see “NCUPDATE” in Utilities Reference. 


CAUTION: If you do not create an alias, users who are unaware of the object’s new location 

cannot easily find the object in the Directory tree, since they will look for it in its 
original Directory location. 

Also, users might not be able to log in if the name context in their configuration file 
(NET. CFG) references the moved container. 


Additional Information 


For more information about 

Refer to 

Objects 

“Object” in Concepts 

Rights 

“Rights” in Concepts 

Directory tree 

“Directory tree” in Concepts 

Using NETADMIN 

“NETADMIN” in Utilities Reference 
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Deleting Objects from the Directory Tree 

When you delete a leaf object, NDS removes references to the deleted 
object. For example, if you delete a Profile object, that Profile object is 
deleted from any User objects that list it. Or, if you delete a User object, all 
trustee assignments listing that user are deleted. 

Some special considerations apply when you delete particular' objects, such 
as a NetWare Server object, a User object, or an Alias object. These are 
explained in the next three sections. 

You cannot undo a Delete Object operation. To get the object back, you must 
re-create it and re-enter all data in its properties. 

You can use NetWare Administrator or NETADMIN to delete objects from 
the Directory tree. Both procedures are described later in this section. 

Cautions When Deleting Server Objects 

An NDS server is one that you have installed in the Directory tree. Any 
server that is not in the Directory tree is a bindery server. 

You can use NetWare Administrator or NETADMIN to delete bindery 
servers. But consider the following before you delete an NDS Server object: 

• You cannot delete a NetWare server from the Directory tree using the 
NETADMIN utility. 

• You must use the Partition Manager tool in NetWare Administrator to delete an 
NDS server from the Directory tree. 

• You cannot delete a container object unless all the objects in the container are 
deleted first. 

• If the server you want to delete contains a master replica, you must first change 
the master to a different type and designate another replica on another server as 
the master. 
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Cautions When Deleting User Objects 

You must be careful not to delete a trustee object that has the only trustee 
assignment to a part of the Directory free. If you do, you could cut off access 
to that part of the Directory tree. 

Be careful not to block all users’ rights to an object with an Inherited Rights 
Filter, which would leave no one with access to paid of the Directory tree. 

Therefore, be aware of the following before you delete a User object: 

• To avoid losing access to any object, check the “Rights to other objects” and 
“Trustees of this object” attributes of the User object you want to delete. 

To view these attributes, select the User object, and right-click once. Then select 
the attribute you want to view from the available options. 

If the User object you want to delete has the Supervisor right to another object, 
transfer that Supervisor right to another User object before you delete the 
original User object. 

Or, give a User object in a higher container the Supervisor right to objects, and 
then block other users from deleting those objects. 

• Do not delete User ADMIN until you have given another User object the same 
Supervisor right that ADMIN has. 

• When you delete a User object, any security equivalences you have assigned to 
other trustees are lost; also, the home directories and mail directories are not 
deleted. 


Cautions When Deleting Alias Objects 

Be aware of the following before you delete an Alias object: 

• If you delete an Alias object (which appears as the actual object it is pointing to), 
you delete only the Alias object, not the object it points to. 

• If you delete the object that an Alias object points to, the Alias object is also 
deleted. 
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Deleting Objects Using NetWare Administrator 

Prerequisites 

• A 386 or later workstation and NetWare Administrator 

• The Delete object right to the object that you want to delete 

Procedure 

1 From the Windows Program Manager, click on the “NetWare Administrator” 
icon. 

2 Using the browser, select the object you want to delete. 

Only leaf objects and container objects that are empty can be deleted. 

3 Select (check) the “Trustees of This Object” and the “Rights to Other Objects” 
dialog boxes. 

If a User object you want to delete has the Supervisor right to another object, 
give another User object that Supervisor right before you delete the original 
User object. 

4 Choose “Delete” from the “Object” menu. 

You cannot undo an object deletion. To get the object back, you must re-create it 
and re-enter all data in its properties. 

5 To confirm the deletion, choose “OK.” 

Additional Information 


For more information about 

Refer to 

Objects 

“Object” in Concepts 

Rights 

“Rights” in Concepts 

Using NetWare Administrator 

“NetWare Administrator” in Utilities 
Reference 
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Deleting Objects Using NETADMIN 

Prerequisites 

• A workstation running DOS 3.30 or later and NETADMIN 

• The Delete object right to the object that you want to delete from the Directory 
tree 

Procedure 

1 At the DOS prompt, type 

NETADMIN <Enter> 

For information on moving around in NETADMIN and selecting objects, press 
<F1> after starting the utility. 

2 Choose “Manage Objects” from the “NetAdmin Options” menu. 

3 Browse the Directory until the object you want to delete appears. 

Use the instructions at the bottom of the screen to browse the directory. Press 
<F1> for help. 

4 Select the object and press <Delete>. 

If a User object you want to delete has the Supervisor right to another object, 
give another User object that Supervisor right before you delete the original 
User object. 

You cannot undo an object deletion. To get the object back, you must re-create it 
and re-enter all data in its properties. 

5 To confirm the deletion, choose “Yes.” 

The object is deleted from the Directory tree. 

6 Press <Esc> until you return to the “NetAdmin Options” menu. 

Additional Information 


For more information about 

Refer to 

Objects 

“Objects” in Concepts 

Rights 

“Rights” in Concepts 

Using NETADMIN 

“NETADMIN” in Utilities Reference 
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Renaming Leaf and Container Objects 

You may want to rename objects to make the names more descriptive or to 
reflect your changing environment. For example, you may want to rename a 
printer from LASER IN BLDG D to LASER IN BLDG A, or an 
Organizational Unit from SALES to ACCOUNTS. 

When you rename an object, NetWare Directory Services changes all 
references to the renamed object. 

Renaming a leaf object changes only the object’s common name, which is 
the name that is displayed in the Directory tree. It does not change the 
object’s context. However, renaming a container object changes the object’s 
common name as well as its context. 

When renaming a container object, you should seriously consider creating 
an Alias object that points to the container object you arc renaming. Then 
users can continue logging in to the network and can see the container 
object’s original name. 

If you rename a container object and do not create an alias, users who are 
unaware of the object’s new name will not easily find the object in the 
Directory tree, since they will look for its original name. 

Also, users may not be able to log in if the name context in their 
configuration file (NET.CFG file) references the renamed container. 

To automatically update users’ NET.CFG files with a new name context 
after you rename a container object, you can place a command in the 
renamed container’s login script that will run the NCUPATE utility. 

Renaming Objects Using NetWare Administrator 
Prerequisites 

• A 386 or later workstation and NetWare Administrator 

• The Rename object right to the object that you want to rename 

Procedure 

1 From the Windows Program Manager, click on the “NetWare Administrator” 
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icon. 

2 Using the browser, select the object that you want to rename. 

3 From the “Object” menu, choose “Rename.” 

4 Type the new name for the object you selected. 

5 (Optional) Select “Save Old Name.” 

Select this option if you want the old name saved as a value in the “Other 
Names” field of the “Details” screen. 

If you save the old name, users who do not know the object’s new name can 
search for the object under the old name. 

6 (Optional ) If you are renaming a container object, select “Create Alias in Place 
of Renamed Container.” 

If you do not create an alias, users who are unaware that the container has been 
renamed cannot easily find the object in the Directory tree. Also, users whose 
name context in their NET.CFG file references the renamed container might be 
unable to log in. 

7 To save the changes and return to the browser, choose “OK.” 

If you renamed a container object, you should use the NCUPDATE utility to 
update the name context of users in the renamed container. For instructions, see 
“NCUPDATE” in Utilities Reference. 

Additional Information 


For more information about 

Refer to 

Objects 

“Object” in Concepts 

Rights 

“Rights” in Concepts 

Alias objects 

“Alias object” in Concepts 

Directory tree 

“Directory tree” in Concepts 

NCUPDATE 

“NCUPDATE” in Utilities Reference 

Using NetWare Administrator 

“NetWare Administrator” in Utilities 
Reference 
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Renaming Objects Using NETADMIN 

Prerequisites 

• A workstation running DOS 3.30 or later and NETADMIN 

• The Rename object right to the object that you want to rename 

Procedure 

1 At the DOS prompt, type 

NETADMIN <Enter> 

For information on moving around in NETADMIN and selecting objects, press 
<F1> after starting the utility. 

2 Choose “Manage Objects” from the “NetAdmin Options” menu. 

Your current context appears in the upper left corner of the screen. 

3 Select the object that you want to rename. 

• If the object appears on the list, select it and press <F10>. 

• If the object is not on the list, browse the Directory tree by selecting container 
objects and pressing <Enter> until you see the object you want. Select it and 
press <F10>. 

4 Choose “Rename.” 

5 In the “New Name” field, enter a new name for the object. 

6 Choose “Yes” to save the old name; choose “No” to discard the old name. 

Choose “Yes” if you want the old name saved as a value in the “Other Names” 
field of the “Details” screen. 

If you save the old name, users who do not know the objects’s new name can 
search for the object under the old name. 

7 To save your changes, press <F10>. 

8 To confirm that you want to save the new name, choose “Yes.” 

9 (Optional) To create an alias in place of the renamed container, choose “Yes.” 

If you do not create an alias, users who are unaware that the container has been 
renamed cannot easily find the object in the Directory tree. Also, users whose 
name context in their NET.CFG file references the renamed container might be 
unable to log in. 
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10 Press <Esc> until you return to the “NetAdmin Options” menu. 

If you renamed a container object, you should use the NCUPDATE utility to 
update the name context of users in the renamed container. For instructions, see 
“NCUPDATE” in Utilities Reference. 

Additional Information 


For more information about 

Refer to 


“Object” in Concepts 

Rights 

“Rights” in Concepts 

Alias objects 

“Alias object” in Concepts 

NCUPDATE 

“NCUPDATE” in Utilities Reference 

Using NETADMIN 

“NETADMIN” in Utilities Reference 
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Changing Object Property Values 

You can use NetWare Administrator or NETADMIN to change object 
property values. Both are described in this section. 

In this section, the general procedures for changing object property values 
are followed by tables that describe how to change specific properties of 
specific objects. 

For a complete list of all properties for all objects, see Appendix A. “NDS 
and Bindery Objects and Properties,” of Utilities Reference. 

Changing Object Property Values Using NetWare Administrator 

Prerequisites 

• A 386 or later workstation and NetWare Administrator 

• The Create object right to the container of the object whose property value will 
be changed 

Procedure 

1 From the Windows Program Manager, click on the “NetWare Administrator” 
icon. 

2 From the browser, select the object whose property values you want to change. 

For information on moving around in the browser and selecting objects, press 
<F1>. 

3 Choose “Details” from the “Object” menu. 

The “Identification” page appears. 

4 Make any necessary changes. 

See Table 2-6 and Table 2-7 for details on object property values you can 
change. After you make changes, go to Step 5. 

Click on “Help” for details on each field and option. 

Do not choose “OK” until you have entered all the changes you want to make to 
every page of the dialog box. 
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Do not choose “Cancel” unless you want to lose all changes made to every page 
of the “Object” dialog box. 

Table 2-6 describes how to change User object property values. 

Table 2-6 Changing User Object Property Values Using NetWare Administrator 


To 

Choose this page of the “Object” dialog box; then... 

Change the user’s last name, other 
names, title, description, department, 
telephone number, fax number, or 
email address 

“Details”; enter information in the fields. 

Disable the user’s account 

“Details”; choose “Login Restrictions” and select (check) 
“Account Disabled.” 

Change the user’s password 

“Details”; choose “Password Restrictions,” choose “Change 
Password,” and then enter information in the fields. 

Set the user’s account expiration date 
or number of concurrent connections 

“Details”; choose “Login Restrictions,” check “Account 

Has Expiration Date” or “Limit Concurrent Connections,” 
and then enter information in the fields. 

Change the user’s password 
restrictions (password length, periodic 
changes, uniqueness, grace logins) 

“Details”; choose “Password Restrictions” and enter 
information in the fields. 

Restrict the user’s login times 

“Details;” choose “Login Time Restrictions” and choose the 
days and hours that the user is restricted from logging in to 
the network. 

Set the user’s login address restrictions 

“Details”; choose “Network Address,” select the 
appropriate protocol, choose “Add,” and then enter 
information in the fields. 

Change the user’s login script 

“Details”; choose “Login Script” and enter login script 
commands. 

Specify the user’s Profile login script 

“Details”; choose “Login Script,” choose the browser 
button next to the “Profile” field, and then select a new 

Profile object from the “Select Object” dialog box. 

Add the user to an existing Group 

“Details”; choose “Group Membership,” choose “Add,” and 
then select a Group from the “Select Object” dialog. 
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Table 2-6 Changing User Object Property Values Using NetWare Administrator 


To 

Choose this page of the “Object” dialog box; then... 

Unlock a user’s account 

“Details”; choose “Intruder Lockout” and enter information 
in fields to reset the User’s account. 

View, reset, or set up intruder detection 
on a user’s account 

“Details”; choose “Intruder Lockout” and view or reset 
information in fields. 


To set up intruder detection, you must go to the “Details” 
page of the container that the users reside in; then choose 
“Intruder Detection,” and enter information in the fields. 

Change a user’s mailing address 

“Postal Address,” enter information in the fields. 

Set up the user’s security equivalences 

“Security Equivalence”; choose “Add” and select an object 
from the “Select Object” dialog box. 


Table 2-7 describes how to change other object (non-User, nonprinting) property 
values. 


Table 2-7 Changing Other Object Property Values Using NetWare Administrator 


To 

Select this class of object 

Choose this page of the “Object” 
dialog box; then... 

Change information about the 
object’s description, location, 
department, organization, etc. 

Any class 

“Details”; enter information in the 
fields. 

Change the object’s mailing 
address 

Organization, 
Organizational Unit 

“Details”; choose “Postal Address” and 
enter information in the fields. 

Change the object’s login script 

Organization, 
Organizational Unit, 

Profile 

“Details”; choose “Login Script” and 
enter login script commands. 

View, reset, or set up intruder 
detection for the object 

Organization, 
Organizational Unit 

“Details”; choose “Intruder Detection” 
and enter information in the fields. 
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Table 2-7 Changing Other Object Property Values Using NetWare Administrator 


To 

Select this class of object 

Choose this page of the “Object” 
dialog box; then... 

Change the list of operators or 
resources associated with this 
object 

Computer, NetWare 

Server 

“Details”; choose “Operators,” 

“Supported Services,” “Resources,” or 
“User”; click on “Add;” and then select 
other objects from the “Select Object” 
dialog box. 

Set the object’s network 
address and protocol 

Computer, NetWare 

Server, Volume 

“Details”; choose “Network Addresses,” 
select a network protocol, choose 
“Add,” and then complete the fields 
associated with that protocol. 

Change the list of other objects 
affiliated with this object 

Any class 

“Details”; choose “See Also,” choose 
“Add,” and then select other objects 
from the “Select Object” dialog box. 

Change the list of objects 
belonging to the Group 

Group 

“Details”; choose “Members,” choose 
“Add,” and then select other objects 
from the “Select Object” dialog box. 

Change the object’s volume 
time or usage information 

Volume 

“Details”; choose “Statistics,” “Dates 
and Times,” or “User Space Limits”; 
then enter information in the fields. 


5 To save the changes you made in all pages of the dialog and return to the browser, 
choose “OK.” 

Additional Information 


For more information about 

Refer to 

Objects 

“Object” in Concepts 

Object properties 

“Property” in Concepts 

Rights 

“Rights” in Concepts 

Using NetWare Administrator 

“NetWare Administrator” in Utilities 
Reference 
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Changing Object Property Values Using NETADMIN 

Prerequisites 

• A workstation running DOS 3.30 or later and NETADMIN 

• The Create object right to the container of the object whose property value will 
be changed 

Procedure 

1 At the DOS prompt, type 

NETADMIN <Enter> 

For information on moving around in NETADMIN and selecting objects, press 
<F1> after starting the utility. 

2 From the “NetAdmin Options” menu, choose “Manage Objects.” 

3 Browse the Directory until the object you want appears. 

Use the instructions at the bottom of the screen to browse the directory. Press 
<F1> for help. 

4 Select the object and press <F10>. 

The “Actions” dialog box appears. 

5 Select “View or Edit Properties of This Object.” 

6 Select an option and make any necessary changes. 

See Table 2-8 and Table 2-9 for details on object property values you can 
change. After you make changes, go to Step 7. 

Press <F1> for details on each field and option. 

Table 2-8 describes how to modify User object property values. 
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Table 2-8 Changing User Object Property Values Using NETADMIN 


To 

Choose this option from the “View or Edit Properties of 
This Object” menu; then... 

Change the user’s last name, other 
names, title, description, location, 
department, telephone number, fax 
number, or email address 

“Identification”; enter information in the fields. 

Disable the user’s account 

“Account restrictions”; choose “Login restrictions,” and 
enter “Yes” in the “Account Disabled” field. 

Change the user’s password 

“Change password”; enter new password as prompted. 

Set the user’s account expiration date 
or number of concurrent connections 

“Account restrictions”; choose “Login restrictions,” and 
enter information in the fields. 

Change the user’s password 
restrictions (password length, 
changes, uniqueness, grace logins) 

“Account restrictions”; choose “Password restrictions,” and 
enter information in the fields. 

View, reset, or set up intruder detection 
on a user’s account 

“Account restrictions”; choose “Intruder lockout status,” 
then view or reset information in fields to detect intruder 
attempts. 

To set up intruder detection, you must go to the “View, Edit 
Properties of This Object” page of the container that the 
users reside in, then choose “Intruder Detection,” and enter 
information in the fields. 

Restrict the user’s login times 

“Account restrictions”; choose “Login time restrictions,” 
and enter information in the fields. 

Change the user’s login script 

“Login script”; enter login script commands. 

Set the user’s login address restrictions 

“Account restrictions”; choose “Net address restrictions,” 
press <Insert>, select the address type, and then enter 
information in the fields. 

Specify the user’s profile login script 

“Groups/Security Equal To Profile”; choose “Profile,” then 
enter the name and context of the Profile object (or press 
<Insert> and select the name from the list). 
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Table 2-8 Changing User Object Property Values Using NETADMIN 


To 

Choose this option from the “View or Edit Properties of 
This Object” menu; then... 

Add the user object to an existing 

Group 

“Groups/Security Equal To Profile”; select “Groups” and 
press <Enter>, then press <Insert> and enter the Group 
name (or press <Insert> again and select the Group name 
from the list). 

Give the user a security equivalence to 
another user 

“Groups/Security Equal To Profile”; select “Security Equal 
To” and press <Enter>, then press <Insert> and enter the 
complete name (or press <Insert> again and select the name 
from the list). 

Change the user’s mailing address 

“Postal Address”; enter information in the fields. 

Change the user’s account balance, 
credit, or allow unlimited balance 

“Account restrictions”; choose “Account balance,” and 
enter information in the fields. 

Change the list of other objects 
affiliated with this user object 

“See also”; enter names (or press <lnsert> and select names 
from the list). 


Table 2-9 describes how to modify other object (non-User and non-printing) 
property values. 

Table 2-9 Changing Other Object Property Values Using NETADMIN 


To 

Select this class of object 

Choose this option from the 
“View or Edit Properties of 
This Object” menu; then... 

Change the information about 
an object’s description, 
location, department, 
organization, etc. 

Any class except Print Queue, 
Print Server, Printer, User 

“Identification”; enter 
information in the fields. 

Change information about the 
object’s mailing address 

Organization, Organizational 
Role, Organizational Unit 

“Postal address”; enter 
information in the fields. 

Change the object’s login script 

Organization, Organizational 
Unit, Profile 

“Login script”; enter login script 
commands. 
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Table 2-9 Changing Other Object Property Values Using NETADMIN 


To 

Select this class of object 

Choose this option from the 
“View or Edit Properties of 
This Object” menu; then... 

Set up the object’s accounting 
information 

NetWare Server 

“Accounting”; choose 
“Submenus,” and enter 
information in the fields. 

Set up the object’s intruder 
detection lockout 

Organization, Organizational 
Unit 

“Intruder detection”; enter 
information in the fields. 

Set the object’s network 
address and protocol 

Computer 

“Other properties”; select 
“Network address” and press 
<Enter>, press <Insert> and 
select an address type, and then 
enter information in other fields. 

Change the list of other objects 
affiliated with this object 

Any class except Print Queue, 
Print Server, Printer, User 

“See also”; enter names of 
objects (or press <Insert> and 
select names from the list). 

Change the list of objects 
belonging to the Group 

Group 

“Group members”; enter names 
of objects (or press <Insert> and 
select names from the list). 

View the object’s volume time 
or usage information 

Volume 

“Volume statistics,” “Volume 
restrictions,” “Volume 
features,” or “Volume dates/ 
times”; enter information in the 
fields. 


7 To save your changes, press <F10>. 

8 Press <Esc> until you return to the “NetAdmin Options” menu. 

Additional Information 


For more information about 

Refer to 

Objects 

“Object” in Concepts 

Object properties 

“Property” in Concepts 
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For more information about 

Refer to 

Rights 

“Rights” in Concepts 

Using NETADMIN 

“NETADMIN” in Utilities Reference 
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Introduction 

This chapter provides an explanation of user types, the file access control 
system, and the NetWare® file system directory structure. 

The sections in this chapter provide step-by-step procedures to set up your 
network file system so that users can access the resources they need while 
keeping files secure. The following types of tasks are included. 

• How to enable hybrid user mapping 

• How to set up file limits 

• How users access files in NetWare or UNIX® mode 

• How to set up a directory stmcture 

• How to load operating systems and applications 

• How to manage files and directories 

• How to secure the file system 
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User Types 

On a NetWare 4.1/9000 NetWare Services server, three different types of 
users can work with files and directories in the file system: 

• HP-UX users have an HP-UX user account and not a NetWare user account. 
These users cannot access a NetWare server but can manage a NetWare server 
from HP-UX. 

• NetWare users have a NetWare user account and do not have an explicit HP-UX 
user account. 

• Hybrid users have both NetWare and HP-UX user accounts. These are the users 
who want to maintain access to the same files regardless of whether they are 
logged in to a NetWare account or an HP-UX account. 

Regardless of your user type (unless you are a hybrid user), when using 
NetWare Services to access files and directories, it is strongly recommeded 
that all users be set up as hybrid users. Otherwise, HP-UX users can access 
and modify HP-UX files as if they owned them. 

HP-UX Users 

HP-UX user accounts provide limited NetWare server administration such 
as installing NetWare Services, installing NetWare Directory Services™ 
(NDS™), repairing NDS, setting up volumes, and so on. To use these 
administration tasks, you must be the System Owner on HP-UX and have 
permission to administer a NetWare server. (Root and the System Owner are 
given permission to administer NetWare Services when it is installed.) 

When NetWare Services is installed and the hybrid user feature is not 
enabled on HP-UX, the following HP-UX accounts are used for all NetWare 
users but do not have hybrid user status: 

• nwroot is used by the NetWare ADMIN and server processes 

• nwuser is used by all NetWare users 

Since NetWare Services runs as a privileged process, NetWare Services has 
the right to set a file’s owner, group, and permission mask. All files created 
by NetWare users are owned by nwuser, assigned to nwgroup, and assigned 
the urnask permission mask defined in NetWare Setup on HP-UX. 
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Considerations for NetWare UNIX Client (NUC) Users 

NUC users can log in to a NetWare server either through the HP-UX server 
console or by using nwlogin and nwlogout at the HP-UX command line (see 
System Owner Handbook for information). The NetWare volumes can be 
accessed from the HP-UX server console, from the automounter, or from the 
command line using mount. 

We suggest that HP-UX users who will be using HP-UX or NetWare servers 
be set up as hybrid users. This ensures that they are the owners of the files 
they create; otherwise, nwuser is the owner. 

Note the following items: 

• UNIX mode volumes allow you to use your permissions if you are the owner. 
With NetWare mode volumes, if you are the owner, you are not granted 
privileges other than your effective rights. 

• As shown in the examples in UNIX mode, files created by nonhybrid users are 
owned by every other user with equal (nonhybrid) permissions. Your files can, 
therefore, be opened and modified by other users. For the security of users, we 
suggest that when using UNIX mode, you set users up as hybrid users. 

The NUC adopts the following rules for files and directories: 

• The NUC attaches mapped IDs (from the /etc/netware4/nwusers file or the 
default nwuser and nwgroup for nonhybrid users) on the inode when the file or 
directory is created in the HP-UX file system. 

• When checking files and directories, if the NetWare login ID maps to the ID on 
the inode, it displays the user’s HP-UX UID and GID as the owner. 

The following scenerios in Table 3-1 may help you to understand how users 
are seen from NUC: 


NUC Behavior 


User Type 

ID on the 

Inode 

Ownership as 
Seen from 
NUC 

Action 

Performed by 
NUC 

1. Hybrid User 1 

Mapped IDs of 
the Hybrid User 

Native IDs 

Creates a file and 

lists the file for 
ownership. 
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NUC Behavior 


User Type 


ID on the 
Inode 


Ownership as 
Seen from 
NUC 


Action 

Performed by 
NUC 


2. Hybrid User 2 

Not applicable 

Mapped IDs of 
the Hybrid User 

Lists the file for 
ownership as 
created by Hybrid 
User 1. 

3. Nonhybrid User 1 

nwuser, 

nwgroup 

Native IDs 

Creates a file and 

lists the file for 
ownership. 

4. Nonhybrid User 2 

Not applicable 

Native IDs 

Lists the file 
created by 
Nonhybrid User 

1 . 


NetWare Users 

NetWare user accounts provide all of the usual NetWare administration and 
file and directory rights known to native NetWare users. NetWare users do 
not have privileges on HP-UX accounts unless they are a hybrid user. 

Hybrid Users 

Hybrid user is the feature that allows coordination between a NetWare user 
account and an HP-UX user account. This feature allows a user to access or 
own the same files regardless of whether he or she logs in as an HP-UX user 
or as a NetWare user. 

Without the hybrid feature, users with both NetWare and HP-UX accounts 
would lose access to files they create in either account while logged in with 
the other account. This is because NetWare has no knowledge of HP-UX 
user accounts and HP-UX has no knowledge of NetWare user accounts. 

When HP-UX users log in and create files, they maintain rights to the files 
they create because they are the owner of the files. When NetWare users log 
in and create files, they maintain rights to the files because of trustee 
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assignments. However, during the creation process, NetWare Services is 
required to assign a HP-UX owner to the file in order to store it on any type 
of HP-UX file system. 

NetWare Services uses nwuser, or it uses nwroot if the user on a NetWare 
server is ADMIN or Supervisor. The hybrid feature solves this problem by 
mapping the NetWare account to the HP-UX account so that when a 
NetWare user creates a file, the HP-UX UID becomes the owner of the file. 

When HP-UX users log in to a HP-UX user account, they are denied access 
to the files they created as NetWare users because nwuser owns those files; 
their HP-UX account does not. 

Setting Up a Hybrid User 

Hybrid users are set up in SAM in HP-UX. See System Owner Handbook for 
information. 

The tasks in this section allow the system administrator to enable hybrid user 
mapping for NetWare and HP-UX users. 

What Happens When Hybrid User Is Active? 

Table 3-2 shows the value stored in the User ID (UID) and Group ID (GID) 
fields for a connection when the hybrid user feature is disabled and enabled. 


UID/GID Values 


Action 

UID 

GID 

Not logged in (user) 

nobody (can access 
SYS: LOGIN) 

nogroup 

Not logged in (server 
process) 

nwroot 

nwgroup 

NetWare user logged 
in; user not a hybrid 

user 

nwuser (users) 

nwroot (admin) 

nwgroup 

nwgroup 

Hybrid user logged in 

HP-UX UID 

UNIX user group 
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Allowing NetWare Users without Hybrid User Mapping 

This section discusses how to enable a hybrid user to be assigned to a 
NetWare user who does not have hybrid user mapping. 

The hybrid user feature is enabled and logins are synchronized by default. 

Prerequisites 

• Hybrid user account set up in SAM 

• Superuser permission to use SAM 

Procedure 

1 Under Admin Tools aunder HP-UX, double-click on NetWare_Setup in the 
Networking folder. 

2 Double-click on NetWare Server. 

3 Double-click on Hybrid Users. 

4 Set the following variable in the “Hybrid Users” window as appropriate. 


Hybrid Users 

Variables 


Must All Users Be Hybrid Users? 
Allow Processes to Assume Hybrid User IDs? 


) Yes C No 
Yes C No 


Description 

Determines whether all NetWare users must also be hybrid users. If set to No, 
NetWare users who do not have a mapping in the /etc/netware/nwusers file use 
the nwuser account. If set to Yes, all NetWare users must have a mapping or else 
they cannot log in. This parameter is used only when the "Enable Hybrid Users" 
parameter is set to Yes. 


OK_j R eset _| Cancel | Help 


Hybrid Users 

Must All Users Be Hybrid Users? This variable requires that all users who log in 
have an explicit hybrid user mapping to an HP-UX user. “Yes” means a hybrid 
user has mapping to an HP-UX user. The default is No. 
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Allow Processes to Assume Hybrid User IDs? This variable determines whether 
the NetWare processes use the UID or GID for the hybrid user when processing 
an NCP request. This is only required when a NetWare volume uses NFS to 
access files from remote HP-UX machines. The default is No. 

5 Click OK. 
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File Access Control 

In NetWare, trustee assignments are used to grant access to files and 
directories; these assignments are part of the file system. In NetWare 
Services, trustee assignments are kept in a separate, per-volume database in 
the volume’s control directory. 

Since NetWare Services is a process running on HP-UX, NetWare 
administrators can select how they want the NetWare trustee assignments 
and the HP-UX permissions to interact with each other in granting access. 

NWS _Volume_Setup in NetWare Setup allows the network administrator to 
set variables for specific volumes or for volumes system-wide (see 
Chapter 7, “Maintaining the NetWare Server”), 

Table 3-3 describes the possible modes. 

Table 3-3 File Access Control Modes 


Value 


Description 


None 

All NetWare users are granted full access to all files and directories as if they 
had Supervisor rights. There are no access controls. See “Using Neither 

NetWare Nor HP-UX for File Access Control” in this chapter for more 
information. 

NetWare 

NetWare-only enforcement. NetWare trustee assignments and file attributes 
control a NetWare user’s access to files and directories. File system security 
must be set up with NetWare utilities such as RIGHTS and NETADMIN. The 
HP-UX permissions are ignored. See “Using NetWare Only for File Access 
Control” in this chapter for more information. 

UNIX 

UNIX-only enforcement. HP-UX permissions control a NetWare user’s access 
to files and directories. Trustee assignments are ignored and NetWare rights are 
granted according to HP-UX permissions. File system security must be set up 
with HP-UX utilities such as chrnod, chown, and chgrp. See “Using HP-UX 

Only for File Access Control” in this chapter for more information. 
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Table 3-3 File Access Control Modes 


Value 


Description 


Both Both NetWare and HP-UX enforcement. Both NetWare trustee assignments and 

HP-UX permissions control file and directory access. File system security must 
be set from both NetWare and HP-UX. See “Using Both NetWare and HP-UX 
for File Access Control” in this chapter for more information. 


The mode affects the performance of the Standard file system volumes. The 
“NetWare” and “None” modes are the fastest for the Standard file system 
volumes. The “UNIX” and “Both” modes are the slowest because they 
require more synchronization with the HP-UX file system. This slowness is 
most noticeable on directory searches and listings and increases with 
directory depth. 

File Ownership 

File ownership is dependent upon which user ID (UID) and group ID (GID) 
owns the files that are created by NetWare clients. 

HP-UX UIDs and GIDs on a file are important only if 

• UNIX access control is used 

• The administrator wants to support hybrid users 


Using Neither NetWare Nor HP-UX for File Access Control 

When “None” is selected as the mode for file access control, NetWare 
Services ignores all file access checks. NetWare Services does not check the 
trustee database for trustee assignments, nor does it check NetWare file 
attributes. 

Since NetWare Services runs as a privileged process, it can also ignore the 
HP-UX permissions. NetWare Services does not check to see if the user has 
permission as the owner, a member of the group, or other. 

Volume options contain the only check NetWare Services makes when the 
“None” mode is set. If the Read-Only option is set, NetWare Services allows 
users read-only access to files. 
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Using NetWare Only for File Access Control 

When “NetWare” is selected as the mode for file access control, rights 
checking is the same as it is on native NetWare. NetWare Services checks 
that the user has NetWare rights to the file or directory and that the NetWare 
file and directory attributes allow the action. Figure 3-2 illustrates this 
process. 


Start here 



Grant 

access 


Figure 3-2 NetWare Security Checks 

If NetWare is the access control mode, the FIP-UX permission bits are not 
checked at all. For client access, if files owned by Root are placed in the 
NetWare volume and NetWare rights allow the user to access the file, the 
user is allowed access. 


NOTE: Remember that if the access control mode is NetWare, HP-UX file ownership and 

permissions are meaningless. HP-UX users creating files in NetWare volulmes may 
allow NetWare clients unintended access. 


Trustee Rights 

NetWare must calculate a user’s effective rights, or rights the user can 
exercise, to each file and directory. This is because effective rights are 
determined by a combination of the Inherited Rights Filter, trustee 
assignments, and security equivalences. 

The following basic rules arc used: 

1 NetWare Services compiles a list of object IDs for the user and the user’s 
equivalencies (groups and other users). 
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2 If the user is the NetWare administrator or equivalent, the user is granted all rights 
to the file or directory. 

3 NetWare Services scans up the tree from the node in question, looking for a 
trustee assignment granted to each object ID. 

4 If one of the object IDs has been granted the Supervisor right, the user is granted 
all rights to the file or directory. 

5 If the trustee assignment is for the node in question, the user is granted those 
rights. 

6 If the trustee assignments are above the node in question, NetWare Services 
checks that rights are on in the trustee assignments and the rights in the IRFs. 
NetWare Services then allows these rights to be used by the user. 

If multiple trustee assignments have been granted to an object ID in a branch of 
the tree, NetWare Services uses the trustee assignment closest to the node in 
question for all rights except the Supervisor right. 

NetWare Services searches to the root of the volume to verify whether the 
Supervisor right has been granted. Since the Supervisor right cannot be revoked 
except in the directory where it was granted, this right overrides trustee 
assignments in lower directories, as well as modifications to Inherited Rights 
Filters. 

Volume, File, and Directory Attributes 

NetWare Services has one volume attribute, Read-Only. It overrides any HP- 
UX permissions that would allow NetWare users to write to or create files in 
the volume. 

NetWare has a number of file and directory attributes (Delete-Inhibit, Read- 
Only, Rename-Inhibit, and so on) which are enforced for NetWare users. 

File Access Control Utilities 

Since only NetWare is used to control file access, all client access control 
must be set up with the NetWare utilities (such as NETADMIN, NetWare 
Administrator, FILER, RIGHTS, or FLAG for attributes). NetWare utilities 
should also correctly display the user’s effective rights. 
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Using HP-UX Only for File Access Control 

When “UNIX” is selected as the mode for file access control, the HP-UX 
permission bits are used to calculate effective NetWare rights to a file or 
directory. Each NetWare Services user has a UID and a GID and these are 
compared with the file or directory’s UID and GID. The UID and GID are 
established by default or through the hybrid user feature. 

Figure 3-3 illustrates this process. 



ft ^ 

Grant 

access 

v V 


Figure 3-3 HP-UX File Access Control Checks 

NetWare Services users can have a match on more than one UID. The UID 
matches under the following conditions: 

• The NetWare user’s hybrid UID matches the file’s (or directory’s) UID. 

• The file's (or directory’s) UID is nwuser and the user is logged in. 

• The file’s (or directory’s) UID is nwroot and the user is logged in to the NetWare 
server as the network administrator. 

If the user’s hybrid UID is 0 (Root), the user is granted all HP-UX rights to 
the file or directory, regardless of HP-UX permission bits. Some NetWare 
rights are still restricted (namely. Supervisor and Access Control, which 
allow users to grant NetWare trustee assignments). 
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The GIDs match under the following conditions: 

• The NetWare user’s hybrid GID matches the file’s (or directory’s) GID. 
Although HP-UX allows a user to belong to more than one group, currently only 
the HP-UX user’s primary group is used, the GID obtained with getpwnam (). 
All other group GIDs are ignored. 

• The file's (or directory’s) GID is nwgroup and the user is logged in. 

The rights granted are determined by the HP-UX permission bits for the 
UID, GID, or Other. These HP-UX permission bits are translated into 
NetWare rights. 

Two NetWare rights. Supervisor and Access Control, are never granted, 
since granting them would imply that the user can use NetWare trustee 
assignments to control access. With “UNIX” as the mode for file access, 
access control changes must occur from HP-UX. 

Table 3-4 shows how HP-UX rights are translated to NetWare rights. 

Table 3-4 Translating HP-UX Permissions to NetWare Rights 


HP-UX Permissions 

NetWare Effective Rights 

Parent Directory 

File or Directory 

File 

Directory 


Any 

No Rights 

No Rights 

r 

Any 

No Rights 

No Rights 

rw 

Any 

No Rights 

No Rights 

wx 

Any 

No Rights 

No Rights 

X 

Any 

No Rights 

No Rights 

w 

Any 

No Rights 

No Rights 

wx 

Any 

No Rights 

No Rights 

rwx 


CEF 

No Rights 

rwx 

r 

R CEF 

No Rights 

rwx 

rw 

RWCEF 

RWCEF 

rwx 

rwx 

RWCEF 

R EF 
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Table 3-4 Translating HP-UX Permissions to NetWare Rights 


HP-UX Permissions 

NetWare Effective Rights 

Parent Directory 

File or Directory 

File 


Directory 

rwx 

r x 

R CEF 

No Rights 

rwx 

w 

WCEF 

No Rights 

rwx 

wx 

WCEF 

No Rights 

rwx 

X 

CEF 

No Rights 

r x 

— 


F 

No Rights 

r x 

r 

R 

F 

No Rights 

r x 

rw 

RW 

F 

No Rights 

r x 

rwx 

RW 

F 

RWC F 

r x 

r x 

R 

F 

R F 

r x 

w 

W 

F 

No Rights 

r x 

wx 

w 

F 

No Rights 

r x 

X 


F 

No Rights 


Keep these rules for granting rights in mind: 

• The File Scan right is given only if the directory has r and x permissions. In the 
parent directory, a user must have the x permission to access a subdirectory and 
r and x permissions to have any NetWare rights. 

• The Modify right is given only if the user is the owner of the file and the parent 
directory has the Create right (HP-UX permission bits rwx are set in the parent 
directory). 

• The Supervisor and Access Control rights are never granted. 

• The Erase right is removed if the user is not the owner of the file or directory and 
the parent directory has the HP-UX sticky permission bit. 
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Additional Rules 

In addition to mapping UID and GIDs and converting HP-UX permissions 
into NetWare rights, the following rules are used to determine HP-UX 
access to a file or directory: 

• Attached NetWare users always have Read and Execute rights to the files in the 
SYS:LOGIN directory and any subdirectories. 

• The path from the volume mount point is used to calculate access to a file or 
directory. HP-UX permissions above the volume mount point are ignored. 

• To access a file or directory, a user must have the x permission in all directories 
from the volume mount point to the current directory in question. 

For the user to access a file in the current directory, the user must have r and x 
permissions to the current directory, as well as some file permissions. 

Volume, File, and Directory Attributes 

NetWare Services has one volume attribute, Read-Only. It overrides any HP- 
UX permissions that would allow NetWare users to write to or create files in 
the volume. 

NetWare has a number of file and directory attributes: Delete-Inhibit, Read- 
Only, Rename-Inhibit, and so on) which are enforced for NetWare users. 

Hybrid Variables 

The hybrid variables affect the HP-UX enforcement of the permission bits. 

Hybrid users are granted rights to files and directories that match with their 
hybrid UID and GID as well as to all files and directories owned by nwuser 
or nwgroup. 

Since NetWare users who are not hybrid users use nwuser and nwgroup as 
their default UID and GID, all files and directories that these users create are 
accessible to all hybrid users. 

If this is a security problem, you can set the “Hybrid Allow Default User” 
variable in NetWare Setup to “No.” This forces every NetWare user to be a 
hybrid user in order to log in to the NetWare server. But it also allows all the 
HP-UX files and directories created from NetWare to be owned by the HP- 
UX user who created them. 
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If the NetWare volumes are NFS-mounted, set the “Allow Processes to 
Assume Hybrid User IDs?” variable in NetWare Setup to Yes. 

Forcing all NetWare users to be hybrid users is the best method of enforcing 
security with the “UNIX” mode for file access. In this mode, all NetWare 
users should have sufficient rights to the files and directories that they create 
to control access from HP-UX. 

File Access Control Utilities 

Since neither the Supervisor or the Access Control right is ever granted on 
volumes with HP-UX-made access control, all the NetWare utilities (FILER, 
NetWare Administrator, NETADMIN, and RIGHTS) that allow users to 
make trustee assignments will return with an insufficient rights error. 
Therefore, even the NetWare administrator has insufficient rights to make 
trustee assignments. 

Changes to NetWare rights must be done from HP-UX using HP-UX 
utilities. Hybrid users on DOS workstations can use NVT2™ (Novell 
Virtual Terminal™ 2) through Host Presenter to access the HP-UX side of 
the NetWare Services server and change permissions. 

OS/2* clients can use NVT2 from a DOS session. For more information, see 
Terminal Emulators for DOS/Windows. 

The NetWare utilities that display a user’s rights should accurately display 
the user’s effective rights as they have been translated from the HP-UX 
permissions. 

Using Both NetWare and HP-UX for File Access Control 

When “Both” is selected as the mode for file access control, the user must go 
through a two-operating-system check: 

• NetWare must allow the access. If NetWare denies the access, the user cannot 
access the file or directory from NetWare. 

• HP-UX must also allow the access. If the HP-UX permissions have been changed 
so that the NetWare user does not have permission to access to the file or 
directory, the user cannot access the file or directory from NetWare. 

Figure 3-4 illustrates this process. 
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Figure 3-4 NetWare and HP-UX File System Security Checks 

NetWare Services calculates the rights for both NetWare and HP-UX. 

Once the rights are calculated for both systems, the right is granted only if 
both systems allow it. See Table 3-4 for information on how HP-UX 
permissions are translated to NetWare rights. 

Three NetWare rights—Supervisor, Modify, and Access Control—do not 
match any HP-UX permissions. These rights are granted under the following 
conditions: 

• The Supervisor and Access Control rights are granted from NetWare and the 
hybrid UID matches the HP-UX UID. 

• The Modify right is granted from NetWare, the hybrid UID matches the HP-UX 
UID, and the user has the w (Write) permission in the parent directory. 

File Access Control Utilities 

The NetWare Services product access routines check both NetWare rights 
and HP-UX permissions before returning NetWare rights information. 

NetWare and HP-UX utilities should display valid rights information except 
for the Supervisor right. It is possible for a user to have the Supervisor right 
and not have all rights to the file. 
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Figure 3-5 


Setting Up Files 

This section discusses how to set your default umask, enable host locking, 
and specify the number of open files allowed on a server. 

Prerequisites 

• Access to the server console 

• Superuser permission to use SAM 


Procedure 

1 Under Admin Tools at the HP-UX server console, double-click on 
NetWare_Setup in the Networking folder. 

2 Double-click on NetWare_Server. 

3 Double-click on Files. 

The “NetWare Server Files Setup” window appears. 






NetWare Server Files Setup 


Category: Basic □ | 


Variables 


Maximum Number of Open Files Jo 


File Default umask |l02 
Enable Host Locking? QYes C~~ No 
File Access Control Mode netware _j I 


Description 





OK Reset Cancel Help 





^Specifies the maximum number of unique files that can be opened simultaneously for all 
NetWare users. Because the NetWare server employs shared file descriptor technology, 
multiple opens of the same file by one or more NetWare users are counted as only one 
true open file. If this parameter is set to zero, then the formula ("Maximum Number of 
Connections" x 4) + 1 0 is used to calculate this value. 


File Configuration 

4 Set the following variables, as appropriate. 
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Basic. The Basic category shows the most commonly changed HP-UX file 
configuration variables. 

Maximum Number of Open Files. This variable specifies the maximum 
number of simultaneous open files allowed on a server. 

File Default umask. This variable specifies the host umask used to reduce 
host permissions on files created by NetWare users. The supported values are 
octal 0000 to 0777. The default is 0002 which assigns rwx permissions to the 
owner of the file. 

Enable Host Locking? This variable specifies whether the NetWare byte 
range locks are mirrored on the HP-UX file system. “Yes” means any 
NetWare byte range lock is reflected as a HP-UX byte range lock on the entire 
file. “No” means the NetWare byte range lock is not reflected as a HP-UX 
byte range on the entire file. The default is No. 

Advanced. The Advanced category shows and allows you to change the less 
commonly used file configuration variables. 

Threshold for Purging Deleted File Entries. This variable specifies the 
number of deleted file entries that must exist in a directory if it is purged. By 
default, the value of the nwcm utility’s npfs_directory_purge_threshold is 
used. The value can be overridden on a volume-to-volume basis using the 
voltab file. Smaller values cause deleted files to be purged more often. Larger 
values cause deleted files to be purged when the usinodes file is full. The 
default is 32. 

Minimum Wait between Directory Synchronizations. This variable specifies 
the minimum number of seconds that will elapse between directory 
synchronization operations. By default, the 

npfs_directory_min_sync_interval is used. The value can be overridden on a 
volume-to-volume basis using the voltab file. The default is 10. 

Maximum Wait between Directory Synchronizations. This variable specifies 
the maximum number of seconds that will elapse between directory 
synchronization operations. By default, the nwcm utility’s 
npfs_directory_mandatory_sync_interval is used. The value can be 
overridden on a volume-to-volume basis using the voltab file. If the 
“Minimum Wait between Directory Synchronizations” variable is set higher 
than this value, “Minimum Wait between Directory Synchronizations” value 
is ignored. The default is 900. 

5 Click OK. 
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Planning Directory Structures 

Understanding how NetWare and HP-UX rights and permissions are 
translated makes file-system organization easier when administering the 
NetWare network. Read the following sections before planning your 
directory structure. 

You should understand the differences between these types of directories: 

• System-created directories 

• Workstation operating-system directories 

• Application directories 

• Data directories 

Figure 3-6 shows a sample directory structure. 


Volume 

PAYABLES 


DATA 


C TRANSFER 
ACCOUNTS 



ENGLSH* 

4 * 

ENGLSH* 

ENGLSH* 


Figure 3-6 


Sample Network Directory Structure 
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System-Created Directories 

During NetWare Services installation, some directories are created 

automatically. 

• SYS:ETC contains sample files to help you configure the server. 

• SYS:LOGIN contains the programs necessary for users to log in to the network, 
such as LOGIN.EXE. The SYS:LOGIN directory has a subdirectory named NLS 
that contains subdirectories for each supported language of login message files. 

• SYS:MAIL may or may not contain subdirectories or files. The SYS:MAIL 
directory may contain mail programs used by NetWare. 

• SYS:SYSTEM contains NetWare operating-system files as well as NetWare 
utilities and programs for the supervisor. The SYS:SYSTEM directory also has 
an NLS subdirectory, containing subdirectories for each supported language of 
message files. 

• SYS:PUBLIC allows general access to the network and contains NetWare 
utilities and programs for network users. Like SYS:LOGIN, SYS:PUBLIC has a 
an NLS subdirectory containing the message files for utilities. 

• SYS:DOC contains electronic versions of the NetWare Services manuals. This 
directory is created if you install DynaText.* See Installation Handbook for 
information. 


Workstation Operating-System Directories 

You may want to put the workstation operating-system files on the network 
to save workstation disk space or to make diskless workstations possible. 

Since the workstation operating-system files do not normally change, you 
can keep them on one set of backup diskettes and then skip these directories 
when doing network backups. 

For information about loading operating system software on a network, see 
“Loading Operating Systems and Applications onto the Network” in this 
chapter. 

Application Directories 

For ease of management, you should keep application files in a different 
directory than data files. 
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Since the application programs do not normally change, you can keep one 
set of application files on backup diskettes and then skip the application 
directories when doing network backups. 

For more information about loading applications on the network, see 
“Loading Operating Systems and Applications onto the Network” in this 
chapter. 

Data Directories 

Data directories can include work areas where groups or users keep work 
files. You can also create a directory to serve as a transfer point for copying 
files to and from various areas of the network. 
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Creating Directories and Copying Files 

After you plan your directory structure for each NetWare volume, you can 
create directories and subdirectories to organize data and applications. (If 
you have not created the volume, see “Maintaining Volumes” in Chapter 7.) 

You can use one of several tools to divide a NetWare volume into 
directories, for example, use NetWare Administrator, or FILER, or MKDIR 
(MD) to do this. 

Two methods of creating directories and copying files (NetWare 
Administrator and FILER) are documented in this section. 

Creating Directories Using NetWare Administrator 

Prerequisites 

• A 386 or later workstation and NetWare Administrator 

• The Create right to the parent directory of the new directory 

Procedure 

1 From the Windows Program Manager, click on the “NetWare Administrator” 
icon. 

2 Using the browser, select the directory to be the parent directory of the one you 
want to create. 

To create a root directory, select the Volume object. For more about moving 
around in the browser and selecting objects, choose “Help” from the menu bar. 

For a list of directories and files on a volume, select “View/Set Context” and 
specify the volume name. 

3 From the “Object” menu, choose “Create.” 

4 Enter the name for the new directory in the “Create Directory” dialog box. 

5 (Optional) If you want to enter properties for the directory, choose “Define 
Additional Properties.” 

Choose this item to assign properties to the new directory now. You can add or 
modify properties after the directory is created. Properties include items such as 
tmstees and access rights. 
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6 (Optional) To create another directory immediately after this one, choose “Create 
Another Directory.” 

7 To create another directory with the name you entered, choose “Create.” 

The new directory is created. You are returned to the browser. 


Additional Information 


For more information about 

Refer to 

Assigning directory and file 

“Making the File System Secure and 

rights 

Accessible” in this chapter 

Directories for workstation 
operating systems 

“File system” in Concepts 

Filesystem rights 

“Attributes,” “Effective rights,” 

“Inherited Rights Filter,” “Rights,” and 
“Security” in Concepts 

Using NetWare Administrator 

“NetWare Administrator” in Utilities 

Reference 


Creating Directories Using FILER 

Prerequisites 

• A workstation running DOS 3.30 or later and FILER 

• A minimum of 512 KB of memory available on the workstation 

• The Create right to the parent directory of the new directory 

Procedure 

1 At the DOS prompt, type 
FILER <Enter> 

A list of available options appears. 

Your current context. Volume object, and path are shown in the upper left corner 
of the screen. Make sure you are in the correct location in the Directory tree 
when you create the new directory. 

2 Select “Manage Files and Directories.” 

The “Directory Contents” list appears. 


3-25 



Managing the NetWare Services File System 

Creating Directories and Copying Files 


3 Find and select the volume, directory, or subdirectory in which you want to create 
a new directory by completing the following steps: 

• If the item you want appears on the list, select it and press <Insert>. 

• If the item is not on the list, browse a directory by selecting it and pressing 
<Enter> until you see the item you want. Select it and press <Insert>. 

• If you cannot find what you want, check the Volume object name in the upper 
left corner of the screen. If you are in the wrong volume, you can change it by 
returning to the “Available Options” menu and choosing “Select Current 
Directory.” 

4 When you are prompted, type the name of the new directory and press <Enter>. 

The directory or subdirectory is created. After you create it, you can change 
default attributes, assign rights, and make trustee assignments for the directory 
or subdirectory. 

5 To exit, press <Esc> until the menu you want appears. 


Additional Information 


For more information about 

Refer to 

Assigning directory and file 

“Making the File System Secure and 

rights 

Accessible” in this chapter 

Filesystem rights 

“Understanding File and Directory 

Rights” on in this chapter 

“Attributes,” “Effective rights,” 

“Inherited Rights Filter, ” “Rights,” and 
“Security” in Concepts“Adding a Trustee 
to a Directory or File” in this chapter 

Using FIFER 

“FIFER” in Utilities Reference 


Copying or Moving Files Using NetWare Administrator 

Prerequisites 

• A 386 or later workstation and NetWare Administrator. 

• The File Scan right to the source directory and the Create right to the destination 
directory. In addition, to move files (delete them from the source directory), you 
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need the Erase right. 

Procedure 

1 From the Windows Program Manager, click on the “NetWare Administrator” 
icon. 

2 Using the browser, select the directory and then select one or more files in that 
directory that you want to copy or move. 

To select multiple files, press <Ctrl> on the keyboard while clicking on the files. 

For information about moving around in the browser and selecting objects, 
choose “Help” from the menu bar. 

3 From the “Object” menu, choose “Move” or “Copy.” 

A list appears of the files you selected. 

4 From the “Operation” dialog, select either “Move” or “Copy.” 

5 Choose the browser button next to the “Destination” field. 

6 Using the browser, select a directory in a volume for the destination of the 
directories or files. 

7 Choose “OK.” 

The destination directory is listed in the “Destination” field. 

8 Choose “OK.” 


The listed files are copied or moved to the destination directory. 

Additional Information 


For more information about 

Refer to 

Filesystem directories and 

“Directory structure, file system” in 

files 

Concepts 

Filesystem rights 

“Understanding File and Directory 

Rights” in this chapter 

“Attributes,” “Effective rights,” 

“Inherited Rights Filter, file system,” 
Rights,” and “Security” in Concepts 
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For more information about 

Refer to 

Using NetWare Administrator 

“NetWare Administrator” in Utilities 

Reference 


Copying or Moving Files Using FILER 

Prerequisites 

• A workstation running DOS 3.30 or later and FILER. 

• A minimum of 512 KB of memory available on the workstation. 

• The File Scan right to the source directory and the Create right to the destination 
directory. In addition, to move files (delete them from the source directory), you 
need the Erase right. 

Procedure 

1 At the DOS prompt, type 
FILER <Enter> 

A list of available options appears. 

Your current context. Volume object, and path are shown in the upper left corner 
of the screen. 

2 Select “Manage Files and Directories.” 

The “Directory Contents” list appears. 

3 Find the volume, directory, or subdirectory that contains the source files. 

Browse the directory structure by selecting a directory or subdirectory and 
pressing <Enter> until you see the directory or files you want to copy. 

If you cannot find the directory or files you want, check the Volume object name 
in the upper left corner of the screen. If you are in the wrong volume, you can 
change it by returning to the “Available Options” menu and choosing “Select 
Current Directory.” 

Depending on the operation you want to perform next, go to either Step 4 or 
Step 5. 

4 (Optional) To move or copy a directory or subdirectory and all its contents, 
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complete the following steps, 
a Select the directory and press <F10>. 

b Select the option you want from the “Subdirectory Options” menu. 

c At the prompt, type in the complete path to the destination directory, or press 
<Insert> to search for the destination directory. 

d Press <F10> to start the copy or move process. 

The progress of the transaction is shown in an information box. 

5 (Optional) To copy specific files, complete the following steps: 

a Select the directory containing the files and press <F5>. 

b Press <F5> to mark the files you want to copy. 

Browse the directory structure by selecting a directory and pressing <Enter> 
until you see the directory or files you want to copy. 

If you cannot find the directory or files you want, check the Volume object 
name in the upper left corner of the screen. If you are in the wrong volume, 
you can change it by returning to the “Available Options” menu and 
choosing “Select Current Directory.” 

c After all the files are marked, press <F10>. 

d From the “Multiple File Operations” menu, select “Copy Marked Files.” 
The “Copy Files To:” box appears. 

e Type in the complete path to the destination directory or press <Insert> to 
search for the destination directory. 

f Press <F10> to start copying the files. 


The progress of the transaction is shown. 

6 To exit, press <Esc> until the menu you want appears. 

Additional Information 


For more information about 

Refer to 

Directories and files 

“File system” in Concepts 

Filesystem rights 

“Understanding File and Directory 

Rights” in this chapter 
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For more information about 


Refer to 


“Attributes,” “Effective rights,” 
“Inherited Rights Filter,” “Rights,” and 
“Security” in Concepts 


Using FILER 


FILER” in Utilities Reference 
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Loading Operating Systems and Applications onto the 
Network 

You may want to load workstation operating system (OS) files on the 
network to save workstation disk space or to allow diskless workstations to 
log in to the network. This section explains the following tasks: 

• Loading DOS 

• Loading Windows 

• Loading other applications 

• Assigning trustee rights to OS and application directories 


Loading DOS onto the Network 

Prerequisites 

• A workstation running DOS 3.30 or later 

• The Supervisor or Create right to the directory where you want to load the 
application 

Procedure 

1 Create a directory in SYS:PUBLIC for each workstation type and version of DOS 
you will be using on your network. 

Name your directories according to the following convention: 

SYS:PUBLIC\machine\os_type\os_version 

For each directory, replace machine with the six-character machine name of the 
workstation (such as IBM_PC or COMPAQ). 

Replace os_type with the type of DOS you are using (such as MSDOS or 
DRDOS). Replace os_version with the DOS version number. 

For example, to install MS-DOS 5.0 on an IBM* PC, go to SYS:PUBLIC to 
create the DOS subdirectory. To use the DOS MD command, type the 
commands shown next (in order): 

MD IBM_PC <Enter> 

CD IBM_PC <Enter> 
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MD MSDOS <Enter> 

CD MSDOS <Enter> 

MD 50 <Enter> 

CD 50 <Enter> 

2 Load DOS. 

Follow the instructions in the DOS documentation to load the DOS software into 
the directory you created. 

3 In the system login script, map the second search drive to the DOS directory. 

If all users have the same types of computers and are using the same version of 
DOS, you will probably have only one DOS directory. In this case, add a line 
similar to the following, substituting the correct directory names: 

MAP S2:=SYS:PUBLIC\IBM_PC\MSDOS\50 

If your network has more than one DOS directory, use variables to indicate the 
directory path. These variables are replaced by the correct information from the 
workstation software when each user logs in. 

Enter the following command, exactly as shown, in the login script: 

MAP S2:=SYS:PUBLIC\%MACHINE\%OS\%OS_VERSION 

(The first search drive should be mapped to the PUBLIC directory so that users 
can access NetWare utilities.) So that the %MACHINE variable will work, make 
sure the long machine type is set in each station’s NET.CFG file. 

For example, a station might have the following line in its NET.CFG file: 

LONG MACHINE TYPE = IBM_PC 

4 Add COMSPEC to the container login script. 

Following is the proper syntax for the COMSPEC command: 

COMSPEC=Y:COMMAND.COM 

This command tells the workstation where to find the command processor. 


Additional Information 


For more information about 

Refer to 

Loading DOS on the network 

The DOS manual that came with your 
software 
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For more information about 

Refer to 

Login scripts 

Chapter 5, “Customizing the User 
Environment” 

Running DOS on a 
workstation 

NetWare Client for DOS/Windows User 
Guide 


Loading Windows onto the Network 

You can load Windows onto a network in several ways. 

• Load all Windows files on a user’s local hard drive. 

• Load Windows program files on the server, and load user fdes on local hard 
drives. 

• Load all Windows program and user files on the server. In most cases, this 
installation provides the easiest maintenance and most efficient use of resources. 

Instructions for the first two options are included in the documentation that 
came with your Windows software. Instructions for loading program and 
user files on the server are included in this section. 

Following are some advantages of having all Windows files installed on the 
server: 

• Program and configuration files are backed up and secure. 

• No hard disk is required on the user workstation. 

• The .INI and driver files for all users can be updated from one location. 

• Configuration files always match hardware. 

The only disadvantage of having all Windows files installed on the server is 
that it causes more network traffic. 

Files Needed for NetWare Functionality in Windows 

Use the following files to run Windows with NetWare functionality. These 
files are in the Workstation for DOS/Windows client kit that is installed with 
NetWare Services. 
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File 

Function 

NETWARE.DRV 

NetWare device driver. Contains executable code for 

NetWare-related functions. 

NETWARE.HLP 

Help file for NETWARE.DRV. 

NETWARE.INI 

Initialization file for NETWARE.DRV and other 
Windows utilities for NetWare. Automatically 
created by NETWARE.DRV. 

NWPOPUP.EXE 

Handler for broadcast messages. 

VNETWARE.386 

Virtual NetWare device driver. Performs 
virtualization among sessions when Windows is in 

386 Enhanced mode. 

VIPX.386 

Virtual IPX™ device driver. Virtualizes IPX 
communications among sessions when Windows is 
in 386 Enhanced mode. 


Guidelines for Running Windows on the Network 

Follow these guidelines for running Windows on the network: 

• Use a permanent swap file on a local hard drive, if possible; do not use network 
directories for swap files. If a local swap file is not possible, consider increasing 
RAM to a minimum of 8 MB. 

• Ensure that the RAM plus swap file size is at least 10 MB. 

• Remove Windows search drives from the workstation AUTOEXEC.BAT file. 

• If users are running DR DOS, make sure DR DOS files are dated 07 April 1992 
or later. 

• If users are running DR DOS, make sure their CONFIG.SYS files install 
EMM386.SYS and configure it for use with Windows. See your DR DOS manual 
or DR DOS online help for configuration information. 
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Loading and Setting Up Windows 
Prerequisites 

• A workstation running DOS 3.30 or later 

• The Supervisor or Create right to the directory where you are loading Windows 

• A licensed network copy of Windows 3.1 or later 

• 16 MB of available disk space 

• NetWare Client for DOS and Windows 

Procedure 

1 Install Windows server software using the SETUP /A option. 

For complete information about the Windows SETUP options and the 
installation procedure, see the documentation that came with your Windows 
software. 

2 Create a Group object for users who will be running Windows. 

For instructions on creating a Group object, see “Managing Group Objects” in 
Chapter 2. 

3 Make the Windows Group object a trustee of the Windows directory. 

For instructions on granting trustee assignments, see “Adding a Trustee to a 
Directory or File” in this chapter. 

4 Create a directory for each user to store user-specific Windows files. 

WIN.COM and files such as .GRP and .INI files are stored here. 

5 Add the following information to the system login script. 

An example of the syntax used for these login script entries appears at the end of 
this step. 

a Map a drive to the user-specific directories for the MS Windows group. 

b Map a search drive to the Windows directory for the MS Windows Group 
object. 

c Set the Windows TEMP directory to a subdirectory of the user directory. 

The following example shows the container login script entries you would add 
to set up Windows 3.1 on the network: 

IF MEMBER OF "WIN31" THEN 
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MAP INS P:=SYS:USERS\%LOGIN_NAME\WIN31 

MAP INS S16:=SYS:APPS\WINAPPS\WIN31 

SET TEMP = "P:\USERS\%LOGIN_NAME\WIN31\TEMP" 

END 

6 Set up the workstations by completing the following steps. 

a Change to the search drive mapped to the Windows directory. 

Enter the drive letter only. 

b Modify the user AUTOEXEC.BAT and CONFIG.SYS files by typing 
SETUP /N <Enter> 

Select the “Custom” option to make sure environment variables are correct. 
When Windows prompts for a path during setup, enter the drive letter 
instead of the path. 

c Install the NetWare Workstation for MS Windows software. 

Follow the instructions in NetWare Client for DOS/Windows User Guide to 
install the workstation software and update NetWare-specific files in the 
Windows directory. 

Additional Information 


For more information about 

Refer to 

Creating login scripts 

Chapter 5, “Customizing the User 
Environment” 

Installing Windows on the 
network 

The Windows manual that came with 
your software 

Running Windows on a 
workstation 

NetWare Client for DOS/Windows User 
Guide 


Loading Other Applications onto the Network 

You can load various types of network applications, such as word¬ 
processing or spreadsheet programs, to make them available to users. When 
loading applications, keep the following in mind: 

• You need the Create right in the directory where you will be loading the 
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application. 

• Follow the instructions in the application’s documentation for loading the 
application onto a network. 

• Make sure the application is designed for network (multiuser) use, and that you 
observe any licensing restrictions on the number of users who can access the 
application. 

• To allow users to access network-based applications, map search drives to the 
directories that contain these applications. To make these search drives 
permanent, place them in login scripts that are executed when users log in. 

• If the application requires that it be installed at the root of a volume but you would 
rather install it in a subdirectory for security reasons, you can map the directory 
to a fake root. To map a fake root directory, use the MAP ROOT command as 
explained in “MAP” in this chapter. 

• You can create a Directory Map object that points to an application directory. 
Directory Map objects are useful in login scripts—instead of mapping a drive to 


a specific directory path, you map a drive to a Directory Map object that points 
to a directory. 

If you change the directory path, you need to change only the Directory Map 
object’s definition. 

Additional Information 


For more information about 

Refer to 

Creating login scripts 

Chapter 5, “Customizing the User 

Environment” 

Mapping search drives and 
fake roots in login scripts 

“MAP” in Chapter 5 


Assigning Trustee Rights to Operating-System and Application 
Directories 

Application programs need a set of file system rights that make them 
available to users yet protect them from being corrupted. Keep the 
guidelines that follow in mind as you assign file and directory rights to 
executable, application, and program files. 
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When you are ready to assign file and directory attributes and rights, see 

“Making the File System Secure and Accessible” in this chapter. 

Use the FLAG utility to assign rights as follows: 

• Assign the Shareable and Read-Only attributes to application and workstation 
operating-system files. 

• Assign the Execute Only attribute to executable fdes for which you keep 
permanent backups. 

• Assign Read and File Scan rights to the User or Group objects that need to use 
the application. 


Additional Information 


For more information about 

Refer to 

Assigning file and directory 

“Changing Attributes of a Directory or 

rights 

File” in this chapter 

Understanding filesystem 

“Effective rights” and “Rights” in 

rights 

Concepts 

Using the FLAG utility 

“FLAG” in Utilities Reference 
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Creating and Using Directory Map Objects 

Directory map objects make it easier to find applications and files within a 
directory structure. You can create these objects by using either NetWare 
Administrator or NETADMIN. Both procedures are described in this 
section. 

How to Use Directory Map Objects 

A Directory Map object is an object that represents a particular directory in 
the file system. It can be especially useful in login scripts by indicating 
directories that contain applications or other frequently used files. 

By using a Directory Map object, you can avoid having to make changes to 
the login scripts. 

For example, if you have a directory that contains DOS 5.0, you will 
probably map a search drive to that directory in any login scripts you create. 

If you should later upgrade to DOS 6.0 and rename the directory, you would 
have to change the mapping in every login script where that search mapping 
appears. To do this, you would create a Directory Map object called 
CURRENT_DOS that points to the DOS directory 
SYS:PUBLIC\IBM_PC\MSDOS\5.0. 

Then in a MAP command in your login scripts, you would map a search 
drive to the Directory Map object rather than to the specific directory: 

MAP INS S2:=.CURRENT_DOS.SALES.ACME_US 

When users log in, their search drive is mapped to the CURRENT_DOS 
Directory Map object, which points to the directory containing DOS 5.0. 

Later, if you upgrade to DOS 6.0 and change the directory’s name to 
SYS:PUBLIC\IBM_PC\MSDOS\60, you would change only the Directory 
Map object to indicate the new path. 

You would not have to change the MAP command in the login script 
because it still indicates the correct Directory Map object. 
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Additional Information 

For more information about 

Refer to 

Creating login scripts 

Chapter 5, “Customizing the User 
Environment” 

Mapping drives to Directory Map 
objects in login scripts 

“MAP” in Chapter 5 

Using the MAP utility 

“MAP” in Utilities Reference 


Creating a Directory Map Object Using NetWare Administrator 

Prerequisites 

• A 386 or later workstation and NetWare Administrator 

• The Create object right to the container where the Directory Map object will be 
created 

Procedure 

1 From the Windows Program Manager, click on the “NetWare Administrator” 
icon. 

2 From the browser, select the Organization or Organizational Unit object that will 
contain the Directory Map object. 

For information about moving around in the browser and selecting objects, 
choose “Plelp” from the menu bar. 

3 From the “Object” menu, choose “Create.” 

4 From the “New Object” dialog box, choose “Directory Map.” 

5 Choose “OK.” 

6 Enter the name for the Directory Map object in the space provided. 

7 In the “Volume” field, enter the name of the Volume to which this Directory Map 
object will point. 

You can either type in the complete name of the Volume object or choose the 
browser button to the right of the “Volume” field to browse for the Volume 
object. 

8 In the “Path” field, enter the path of the directory to which this Directory Map 
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object will point. 

You can type in the path, or you can choose the browser button to the right of the 
“Path” field to browse for the directory to which the Directory Map object will 
point. 

If the Directory Map Object will point to the root of the specified Volume, leave 
the “Path” field blank. 

9 (Optional) To define additional properties immediately after creating the 
Directory Map object, choose “Define Additional Properties.” 

10 (Optional) To create another Directory Map object immediately after this one, 
choose “Create Another Directory Map.” 

11 Choose “Create.” 

The Directory Map object is created. 

If you chose “Create Another Directory Map,” the Create dialog box appears. 

If you chose “Define Additional Properties,” the identification screen appears. 

Additional Information 


For more information about Refer to 


Directory Map objects 

“Directory Map object” in Concepts 

Using NetWare Administrator 

“NetWare Administrator” in Utilities 
Reference 


Creating a Directory Map Object Using NETADMIN 

Prerequisites 

• A workstation running DOS 3.30 or later and NETADMIN 

• A minimum of 512 KB of memory available on the workstation 

• The Create object right in the container where the Directory Map object will be 
created 

Procedure 

1 At the DOS prompt, type 

NETADMIN <Enter> 
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2 From the “NetAdmin Options” menu, choose “Manage Objects.” 

3 Find the Organization or Organizational Unit object that will contain the 
Directory Map object. 

Browse the Directory tree by selecting objects and pressing <Enter>. When you 
find the object that will contain the Directory Map object, select it and press 
<Enter>. 

4 Press <Insert>. 

5 From the “Select an Object Class” menu, choose “Directory Map.” 

6 Type the name for the Directory Map object and press <Enter>. 

7 In the “Volume Object Name” field, press <Insert>. 

8 Enter the name of the Volume object to which this Directory Map object will 
point. 

You can either type the Volume object’s complete name, or you can press 
<Insert> to browse through the Directory tree. 

9 In the “Path on Volume:” field, press <Insert>. 

10 Enter the path of the directory to which this Directory Map object will point. 

You can either type the full path or press <Insert> to browse through the file¬ 
system directory structure in the Volume defined in Steps 7 and 8; then press 
<Enter>. 

If the Directory Map object will point to the root of the specified Volume, leave 
the “Path” field blank and press <Enter>. 

11 From the “Name Spaces” box, select the type of name space for the volume and 
press <Enter>. 


12 To save the changes, press <F10>. 

Additional Information 


For more information about 

Refer to 

Directory Map objects 

“Directory Map object” in Concepts 

Using NETADMIN 

“NETADMIN” in Utilities Reference 
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Table 3-5 


Making the File System Secure and Accessible 

Ensuring filesystem security is essential when hundreds of thousands of 
users are accessing directories and files on a NetWare server daily. The 
following sections discuss how to add, delete, and modify owners, trustee 
rights, and attributes for directories and files. 

Understanding File and Directory Rights 

Filesystem security includes assigning trustee rights and setting file and 
directory attributes. These two types of security are discussed in the 
following sections. 

Trustee Rights 

Trustee rights are given to User objects, Group objects, or Organizational 
Role objects. These rights determine the access users may have to 
directories and files. These rights are explained in Table 3-5. 


Trustee Rights 


Right 

Allows object to 

Access Control 

Add and remove trustees and change rights to files 
and directories. 

Create 

Create subdirectories and files. 

Erase 

Delete directories and files. 

File Scan 

View file and directory names in the filesystem 
structure. 

Modify 

Rename directories and files and change file 
attributes. 

Read 

Open and read files; open, read, and execute 
applications. 

Supervisor 

Grant all rights listed in this table. 

Write 

Open, write to, and modify a file. 
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Directory and File Attributes 

Directory and file attributes assign properties to individual directories or 
files. Some are only meaningful when applied at the file level. Some apply to 
both the directory and the file levels. Not all attributes are supported on the 
NetWare server (see Table 3-6). 

Be careful when assigning directory and file attributes. Attributes apply to 
all users and can supersede trustee rights. 

For example, if you assign a file the Delete Inhibit attribute, no one, 
including the owner of the file or the system supervisor, can delete the file. 


Table 3-6 

Directory and File Attributes 


Attribut 

Description 

Applies to 

A 

Archive Needed identifies files that have been modified since 
the last backup. This attribute is assigned automatically. 

Files only 

Ci* 

Copy Inhibit prevents Macintosh* users from copying a file. 
This attribute overrides Read and File Scan trustee rights. 

Files only 

Dc* 

Don't Compress keeps data from being compressed. This 
attribute overrides settings for automatic compression of files 
not accessed within a specified number of days. 

Directories and files 

Di 

Delete Inhibit prevents the file or directory from being deleted. 
This attribute overrides the Erase trustee right. 

Directories and files 

Dm* 

Don't Migrate prevents files and directories from being 
migrated from the server’s hard disk to another storage 
medium. 

Directories and files 

Ds* 

Don't Suballocate prevents data from being suballocated. 

Files only 

H 

The Hidden attribute hides files and directories so they can’t be 
seen using the DIR command. A user with File Scan rights can 
use FILER or NDIR to list directories and files with the Hidden 

attribute. 

Directories and files 

1* 

Index allows large files to be accessed quickly by indexing files 
with more than 64 File Allocation Table (FAT) entries. This 
attribute is set automatically. 

Files only 
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Table 3-6 

Directory and File Attributes 


Attribut 

Description 

Applies to 

Ic* 

Immediate Compress sets data to be compressed as soon as a 
file is closed. If it is applied to a directory, every file in the 
directory is compressed as it is closed. 

Directories and files 

N 

Normal indicates the Read/Write attribute is assigned and the 
Shareable attribute is not. This is the default attribute 
assignment for all new files. 

Directories and files 

Ri 

Rename Inhibit prevents the file or directory name from being 
modified. 

Directories and files 

Ro 

Read Only prevents a file from being modified. This attribute 
automatically sets Delete Inhibit and Rename Inhibit. 

Files only 

Rw 

Read/Write allows users to write to a file. All files are created 

with this attribute. 

Files only 

Sh 

Shareable allows more than one user to access the file at one 
time. This attribute is usually used with Read Only. 

Files only 

Sy 

The System attribute hides the file or directory so it can’t be 
seen by using the DIR command. It can be seen if a user with 
File Scan rights uses FILER or NDIR. System is normally used 
with operating-system files, such as DOS system files. 

Directories and files 

T * 

Transactional allows a file to be tracked and protected by the 
Transaction Tracking System™ (TTS™). 

Files only 

X 

The Execute Only attribute prevents the file from being copied, 
modified, or backed up. The attribute cannot be removed 
unless the file is deleted. It does not allow renaming. Use the 
attribute for program files such as the .EXE or .COM files. 

Make a copy of a file before you flag it Execute Only, so you 
can replace the file if it becomes corrupted. 

Files only 


* Not supported by NetWare Services, even though it may be set. 


Adding a Trustee to a Directory or File 

You can add a trustee to a directory or file using either NetWare 
Administrator or FILER. Both procedures are described in this section. 
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Adding a Trustee Using NetWare Administrator 
Prerequisites 

• A 386 or later workstation and NetWare Administrator 

• The Access Control right to the file or directory to which you want to add the 
trustee 

Procedure 

1 From the Windows Program Manage, click on the “NetWare Administrator” 
icon. 

2 Using the browser, select the directory or file to which you want to add a trustee. 

For information about moving around in the browser and selecting objects, 
choose “Help” from the menu bar. 

3 From the “Object” menu, choose “Details.” 

4 From the “Identification” page, choose “Trustees of This Directory.” 

5 From the “Trustees of This Directory” page, choose “Add Trustee.” 

6 Select a trustee from the list. 

If the object does not appear in the list, browse the Directory tree to find the 
object that you want to make a trustee of the file or directory. 

7 Choose “OK.” 

8 To grant rights to the trustee name, mark the appropriate check boxes below the 
trustee. 

9 To return to the browser, choose “OK.” 

Additional Information 


For more information about 

Refer to 

File-system rights 

“Trustee Rights” in this chapter 

Trustees 

“Trustee” in Concepts 

Using NetWare Administrator 

“NetWare Administrator” in Utilities 
Reference 
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Adding a Trustee Using FILER 
Prerequisites 

• A workstation running DOS 3.30 or later and FILER 

• A minimum of 512 KB of memory available in the workstation 

• Access Control right to the file or directory to which you want to add the trustee 

Procedure 

1 At the DOS prompt, type 
FILER <Enter> 

A list of available options appears. 

Your current context. Volume object, and path are shown in the upper left corner 
of the screen. 

2 Select “Manage Files and Directories.” 

The “Directory Contents” list appears. 

3 Find and select the file or directory you want. 

• If the item you want appears in the list, select it and press <F10>. 

• If the item is not in the list, browse a directory by selecting it and pressing 
<Enter> until you see the item you want. Select it and press <F10>. 

• If you cannot find the directory you want, check the Volume object name in 
the upper left corner of the screen. If you are in the wrong Volume, you can 
change it by returning to the “Available Options” menu and choosing “Select 
Current Directory.” 

4 Select “View/Set File [or Directory] Information” and press <Enter>. 
Information for that file or directory appears. 

5 Use the arrow keys to move to the “Trustees” field and press <Enter>. 

A list of trustees for that file or directory appears. 

6 To add a trustee, press <Insert> and locate the trustee’s name in the list. Select 
the name and press <Enter>. 

The new trustee, object type, and default rights appear in the list. 

7 (Optional) Add another trustee to this file or directory. 
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Press <Esc> until you get to the “View/Set File [or Directory] Information” 
screen and then repeat Steps 5 and 6. 

8 (Optional) Assign rights to the new trustee. 

You can assign or modify trustee rights now, or at any time after the trustee has 
been assigned to the directory or file. 

a From the trustee list, select the user you want to assign or modify rights for 
and press <Enter>. 

The “Trustee Rights” list appears, showing the rights the trustee currently 
has to this directory or file. 

b Press <Insert> to see a list of rights you can assign. 

c Select a right you want to give the trustee and press <Enter>. To give the 
trustee more than one right, press <F5> to mark the rights, and then press 
<Enter>. 

The “Trustee Rights” list reappears with the new rights added, 
d Press <Esc>. 

The new rights appear next to the trustee name. 

9 Exit FILER by pressing <Esc> until you reach the Exit confirmation box and 
select “Yes.” 

Additional Information 


For more information about 

Refer to 

Filesystem rights 

“Trustee Rights” in this chapter 

Trustees 

“Trustee” in Concepts 

Using FILER 

“FILER” in Utilities Reference 


Deleting a Trustee from a Directory or File 

You can delete a trustee from a directory or file using NetWare 
Administrator or FILER. Both procedures are described in this section. 
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Deleting a Trustee Using NetWare Administrator 
Prerequisites 

• A 386 or later workstation and NetWare Administrator 

• The Access Control right to the file or directory to which you want to delete the 
trustee 

Procedure 

1 From the Windows Program Manager, click on the “NetWare Administrator” 
icon. 

2 Using the browser, select a directory or file from which you want to delete a 
trustee. 

For information on moving around in the browser and selecting objects, choose 
“Help” from the menu bar. 

3 From the “Object” menu, choose “Details.” 

4 From the “Identication” page, choose “Trustees of This Directory.” 

5 From the “Trustees” list, select a trustee. 

6 Choose “Delete Trustee.” 

7 To delete that object as a trustee, choose “Yes.” 

8 To return to the browser, choose “OK.” 

Additional Information 


For more information about 

Refer to 

Trustees 

“Trustee” in Concepts 

Using NetWare Administrator 

“NetWare Administrator” in Utilities 
Reference 


Deleting a Trustee Using FILER 
Prerequisites 

• A workstation running DOS 3.30 or later and FILER 

• A minimum of 512 KB of memory available on the workstation 

• The Access Control right to the file or directory to which you want to delete the 
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trustee 

Procedure 

1 At the DOS prompt, type 
FILER <Enter> 

A list of available options appears. 

Your current context. Volume object, and path are shown in the upper left corner 
of the screen. 

2 Select “Manage Files and Directories.” 

The “Directory Contents” list appears. 

3 Find and select the file or directory you want. 

• If the item you want appears on the list, select it and press <F10>. 

• If the item is not on the list, browse a directory by selecting it and pressing 
<Enter> until you see the item you want. Select it and press <F10>. 

• If you cannot find what you want, check the Volume object name in the upper 
left corner of the screen. If you are in the wrong Volume, you can change it 
by returning to the “Available Options” menu and choosing “Select Current 
Directory.” 

4 Select “View/Set File [or Directory] Information” and press <Enter>. 
Information for that file or directory appears. 

5 Use the arrow keys to move to the “Trustees” field and press <Enter>. 

A list of trustees for that file or directory appear. 

6 Select the trustee you want to delete, and then press <Delete>. 

You are prompted to delete that trustee from the file or directory. 

7 Select “Yes.” 

8 To exit, press <Esc> until the menu you want appears. 

Additional Information 


For more information about 

Refer to 

Trustees 

“Trustee” in Concepts 

Using FILER 

“FILER” in Utilities Reference 
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Modifying a Trustee’s Rights to a Directory or File 

You can modify trustee rights to a directory or file using NetWare 
Administrator or FILER. Both procedures are described in this section. 

Modifying a Trustee’s Rights Using NetWare Administrator 
Prerequisites 

• A 386 or later workstation and NetWare Administrator 

• The Access Control right to the file or directory to which you want to change the 
tmstee rights 

Procedure 

1 From the Windows Program Manager, click on the “NetWare Administrator” 
icon. 

2 Using the browser, select the file or directory for which you want to change 
tmstee rights. 

For information about moving around in the browser and selecting objects, 
choose “Help” from the menu bar. 

3 From the “Object” menu, choose “Details.” 

4 From the “Identification” page, choose “Trustees of This Directory.” 

5 From the “Trustees” list, select a trustee. 

6 Grant or revoke rights by marking the check boxes below the tmstee name. 

7 Choose “OK” to save the trustee rights. 


Additional Information 

For more information about 

Refer to 

Filesystem rights 

“Trustee Rights” in this chapter 


“Rights” in Concepts 

Tmstees 

“Trustee” in Concepts 

Using NetWare Administrator 

“NetWare Administrator” in Utilities 
Reference 
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Modifying a Trustee’s Rights Using FILER 
Prerequisites 

• A workstation running DOS 3.30 or later and FILER 

• A minimum of 512 KB of memory available on the workstation 

• The Access Control right to the file or directory for which you want to change the 
trustee rights 

Procedure 

1 At the DOS prompt, type 
FILER <Enter> 

A list of available options appears. 

Your current context. Volume object, and path are shown in the upper left corner 
of the screen. 

2 Select “Manage Files and Directories.” 

The “Directory Contents” list appears. 

3 Find and select the file or directory you want. 

• If the item you want appears in the list, select it and press <F10>. 

• If the item is not on the list, browse a directory by selecting it and pressing 
<Enter> until you see the item you want. Select it and press <F10>. 

• If you cannot find the item you want, check the Volume object name in the 
upper left corner of the screen. If you are in the wrong Volume, you can 
change it by returning to the “Available Options” menu and choosing “Select 
Current Directory.” 

4 Select “View/Set File [or Directory] Information” and press <Enter>. 

5 Using the arrow keys, move to the “Trustee” field and press <Enter>. 

6 Select the name of the trustee whose rights you want to modify and press 
<Enter>. 

A list of the trustee’s current rights appears. 

7 Press <Insert> to see a list of rights you can assign. 

8 Select a right you want to give the trustee and press <Enter>. If you want to assign 
more than one right, press <F5> to mark the rights, then press <Enter>. 

The “Trustee Rights” list reappears, showing the new list of rights. 
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9 To exit, press <Esc>. 

The new rights appear next to the trustee name. 

Additional Information 


For more information about 

Refer to 

Filesystem rights 

“Rights” in Concepts 

Tmstees 

“Trustee” in Concepts 

Using FILER 

“FILER” in Utilities References 


Viewing or Modifying the Inherited Rights Filter for Directories 
and Files 

You can view or modify the Inherited Rights Filter (IRF) for a directory or 
file using NetWare Administrator or FILER. Both procedures are described 
in this section. 

Viewing or Modifying the IRF Using NetWare Administrator 
Prerequisites 

• A 386 or later workstation and NetWare Administrator 

• The Access Control right to the file or directory to which you want to view or 
modify the IRF 

Procedure 

1 From the Windows Program Manager, click on the “NetWare Administrator” 
icon. 

2 Using the browser, select a directory or file. 

For information on moving around in the browser and selecting objects, choose 
“Help” from the menu bar. 

3 From the “Object” menu, choose “Details.” 

4 From the “Identification” page, choose “Trustees of This Directory.” 

5 Under “Inheritance Filter,” select the check boxes for the rights that you want to 
allow to be inherited for that directory or file. 

6 Choose “OK.” 
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The “Trustees” dialog box reappears. 

7 To return to the browser, choose “OK.” 

Additional Information 


For more information about 

Refer to 

Inherited rights 

“Directory and File Attributes” in this 
chapter 

“Attributes,"Inherited Rights Filter,” and 
“Rights” in Concepts 

Using NetWare Administrator 

“NetWare Administrator” in Utilities 
Reference 


Viewing or Modifying the IRF using FILER 
Prerequisites 

• A workstation running DOS 3.30 or later and FILER 

• A minimum of 512 KB of memory available on the workstation 

• The Access Control right to the file or directory for which you want to view or 
modify the filter 

Procedure 

1 At the DOS prompt, type 
FILER <Enter> 

A list of available options appears. 

Your current context. Volume object, and path are shown in the upper left corner 
of the screen. 

2 Select “Manage Files and Directories.” 

The “Directory Contents” list appears. 

3 Find and select the file or directory you want. 

• If the item you want appears in the list, select it and press <F10>. 

• If the item is not on the list, browse a directory by selecting it and pressing 
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<Enter> until you see the item you want. Select it and press <F10>. 

• If you cannot find what you want, check the Volume object name in the upper 
left corner of the screen. If you are in the wrong Volume, you can change it 
by returning to the “Available Options” menu and choosing “Select Current 
Directory.” 

4 Select “View/Set File [or Directory] Information” and press <Enter>. 

Information for that file or directory appears. The current inherited rights are 
shown in the “Inherited Rights Filter” field. 

5 Use the arrow keys to move to the “Inherited Rights Filter” field and press 
<Enter>. 

A list of the rights inherited by the file or directory appears. 

6 Select a file or directory attribute you want to revoke and press <Delete>. To 
revoke more than one attribute, press <F5> to mark attributes, then press 
<Delete>. 

7 Press <Esc>. 

The “File [or Directory] Information” screen reappears with a listing of the 
rights that can be inherited. 

8 To exit, press <Esc> until the menu you want appears. 

Additional Information 


For more information about 

Refer to 

Inherited rights 

“Directory and File Attributes” in this 
chapter 


“Attributes,” “Inherited Rights Filter,” 
and “Rights” in Concepts 

Using FILER 

“FILER” in Utilities Reference 


Changing Attributes of a Directory or File 

You can change the attributes of a directory or file using NetWare 
Administrator or FILER. Both procedures are described in this section. 
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Changing Attributes Using NetWare Administrator 
Prerequisites 

• A 386 or later workstation and NetWare Administrator 

• The Modify right to the file or directory whose attributes you want to change 

Procedure 

1 From the Windows Program Manager, click on the “NetWare Administrator” 
icon. 

2 Using the browser, select a directory or file. 

For information on moving around in the browser and selecting objects, choose 
“Plelp” from the menu bar. 

3 From the “Object” menu, choose “Details.” 

4 From the “Identification” page, choose “Attributes.” 

5 Select the check boxes for the attributes that you want to set or change for this 
directory or file. 

6 To close the “Object” dialog box and save the new attributes, choose “OK.” 

Additional Information 


For more information about 

Refer to 

File and directory attributes 

“Directory and File Attributes” in this 
chapter 


“Attributes” in Concepts 

Using NetWare Administrator 

“NetWare Administrator” in Utilities 
Reference 


Changing Attributes Using FILER 
Prerequisites 

• A workstation running DOS 3.30 or later and FILER 

• A minimum of 512 KB of memory available on the workstation 

• The Modify right to the file or directory whose attributes you want to change 

Procedure 
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1 At the DOS prompt, type 
FILER <Enter> 

A list of available options appears. 

Your current context. Volume object, and path are shown in the upper left corner 
of the screen. 

2 Select “Manage Files and Directories.” 

The “Directory Contents” list appears. 

3 Find and select the file or directory you want. 

• If the item you want appears in the list, select it and press <F10>. 

• If the item is not on the list, browse a directory by selecting it and pressing 
<Enter> until you see the item you want. Select it and press <F10>. 

• If you cannot find what you want, check the Volume object name in the upper 
left corner of the screen. If you are in the wrong Volume, you can change it 
by returning to the “Available Options” menu and choosing “Select Current 
Directory.” 

4 Select “View/Set File [or Directory] Information” and press <Enter>. 
Information for the file or directory appears. 

5 To modify an attribute, use the arrow keys to move to the “File [or Directory] 
Attributes” field and press <Enter>. 

The attributes for that file or directory appear. 

6 Modify the attribute by completing one of the following steps: 

• To delete an attribute, select it and press <Delete>. Select “Yes” when you 
are prompted to delete the attribute. 

• To add an attribute, press <Insert>. Select the attribute you want to add and 
press <Enter>. 

To assign more than one right, press <F5> to mark the rights, and then press 
<Enter>. 

7 To exit, press <Esc> until the menu you want appears. 

Additional Information 
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For more information about 

Refer to 

File and directory attributes 

“Directory and File Attributes” in this 
chapter 

“Attributes” in Concepts 

Using FILER 

“FILER” in Utilities Reference 


Changing the Owner of a Directory or File 

You can change the owner of a directory or file using NetWare 
Administrator or FILER. Both procedures are described in this section. 

Changing the Owner Using NetWare Administrator 
Prerequisites 

• A 386 or later workstation and NetWare Administrator 

• The Modify right to the file or directory whose attributes you want to change the 
owner 

Procedure 

1 From the Windows Program Manager, click on the “NetWare Administrator” 
icon. 

2 Using the browser, select a directory or file for which you want to change the 
owner. 

For information on moving around in the browser and selecting objects, choose 
“Help” from the menu bar. 

3 From the “Object” menu, choose “Details.” 

4 From the “Identification” page, choose “Facts.” 

5 To change the owner of this file or directory, click on the browser button to the 
right of the “Owner” field. 

6 Choose the object that you want to make the new owner of this directory or file. 

7 When the conect user is displayed in the “Object Name” field, choose “OK.” 
The new owner appears in the “Owner” field of the “Object” dialog box. 

8 To save changes, choose “OK.” 
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Additional Information 

For more information about 

Refer to 

Objects 

Chapter 2, “Setting Up and Managing 
NetWare Directory Services Objects” 

“Objects” in Concepts 

Using NetWare Administrator 

“NetWare Administrator” in Utilities 
Reference 


Changing the Owner Using FILER 
Prerequisites 

• A workstation running DOS 3.30 or later and FILER 

• A minimum of 512 KB of memory available on the workstation 

• The Modify right to the file or directory for which you want to change the owner 

Procedure 

1 At the DOS prompt, type 
FILER <Enter> 

A list of available options appears. 

Your current context. Volume object, and path are shown in the upper left corner 
of the screen. 

2 Select “Manage Files and Directories.” 

The “Directory Contents” list appears. 

3 Find and select the file or directory you want. 

• If the item you want appears in the list, select it and press <F10>. 

• If the item is not on the list, browse a directory by selecting it and pressing 
<Enter> until you see the item you want. Select it and press <F10>. 

• If you cannot find what you want, check the Volume object name in the upper 
left corner of the screen. If you are in the wrong Volume, you can change it 
by returning to the “Available Options” menu and choosing “Select Current 
Directory.” 

4 Select “View/Set File [or Directory] Information” and press <Enter>. 
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Information for the file or directory appears. The current owner of the file or 
directory appears in the “Owner” field. 

5 Use the arrow keys to move to the “Owner” field and press <Enter>. 

6 Select the user that you want to be the owner of the file or directory and press 
<Enter>. 

For directories only, apply the change of ownership to either the entire 
subdirectory structure or to the selected directory. 

7 To exit, press <Esc> until the menu you want appears. 

Additional Information 


For more information about 

Refer to 

Objects 

Chapter 2, “Setting Up and Managing 
NetWare Directory Services Objects” 
“Object” in Concepts 

Using FILER 

“FILER” in Utilities Reference 
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Viewing Effective Rights and Other Information 

You can see the effective rights a trustee has to a directory or file using 
NetWare Administrator or FILER. Both procedures are described in this 
section. 

Viewing a Trustee’s Effective Rights Using NetWare 
Administrator 

Prerequisites 

• A 386 or later workstation and NetWare Administrator 

• The Access Control right to the file or directory, and the Read property right to 
the trustee object’s ACL property 

Procedure 

1 From the Windows Program Manage, click on the “NetWare Administrator” 
icon. 

2 Using the browser, select a directory or file. 

For information on moving around in the browser and selecting objects, choose 
“Help” from the menu bar. 

3 From the “Object” menu, choose “Details.” 

4 From the “Identification” page, choose “Trustees of This Directory.” 

5 Select the trustee whose effective rights you want to view. 

6 Choose “Effective Rights.” 

The selected trustee’s effective rights are bolded in the “Effective Rights” box. 

7 (Optional) To view a different object’s rights to this directory or fde, choose the 
browser button to the right of the “Trustee” text box and select an object from the 
browser. 

8 To return to the browser, choose “Cancel.” 
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Additional Information 


For more information about 

Refer to 

Effective rights 

“Effective rights” in Concepts 

Using NetWare Administrator 

“NetWare Administrator” in Utilities 
Reference 


Viewing a Trustee’s Effective Rights Using FILER 

Prerequisites 

• A workstation running DOS 3.30 or later and FILER 

• A minimum of 512 KB of memory available on the workstation 

• The Access Control right to the file or directory, and the Read property right to 
the trustee object’s ACL property 

Procedure 

1 At the DOS prompt, type 
FILER <Enter> 

A list of available options appears. 

Your current context. Volume object, and path are shown in the upper left corner 
of the screen. 

2 Select “Manage Files and Directories.” 

The “Directory Contents” menu appears. 

3 Find and select the file or directory you want. 

• If the item you want appears in the list, select it and press <F10>. 

• If the item is not on the list, browse a directory by selecting it and pressing 
<Enter> until you see the item you want. Select it and press <F10>. 

• If you cannot find the item on the list, check the Volume object name in the 
upper left corner of the screen. If you are in the wrong Volume, you can 
change it by returning to the “Available Options” menu and choosing “Select 
Current Directory.” 

4 Select “View/Set File [or Directory] Information” and press <Enter>. 
Information for that file or directory appears. 
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5 Use the arrow keys to move to the “Trustees” field and press <Enter>. 

A list of trustees for the file or directory appears, along with the object type of 
the trustee and the current rights the trustee has to the file or directory. 

If the trustee list is empty, no effective rights exist for this file or directory. To 
assign trustee rights, see “Adding a Trustee Using FILER” in this chapter. 


Additional Information 


For more information about 

Refer to 

Effective rights 

“Effective rights” in Concepts 

Using FILER 

“FILER” in Utilities Reference 
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Viewing Other Information about a Directory or File 

You can view extended information about a directory or file using NetWare 
Administrator or FILER or NDIR, such as 

• Owner and trustees 

• Attributes, effective rights, and IRF 

• Name space 

• File size (files only) 

• Creation, access, archive, and modify dates (files only) 

• Creation date and time (directories only ) 

• Disk-space limitations (directories only) 

Procedures for using NetWare Administrator, FILER, and NDIR are 
described in this section. 

Viewing Other Information Using NetWare Administrator 

Prerequisites 

• A 386 or later workstation and NetWare Administrator 

• The Access Control right to the file or directory about which you want to view 
information 

Procedure 

1 From the Windows Program Manager, click on the “NetWare Administrator” 
icon. 

2 Using the browser, select the file or directory about which you want to see 
information. 

For help moving around in the browser and selecting objects, choose “Help” 
from the menu bar. 

3 From the “Object” menu, choose “Details.” 

4 Select an “Information” page to view information for this file or directory. 

5 If you have made any changes on any pages, choose “OK” to save changes and 
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return to the browser. 


Additional Information 


For more information about 

Refer to 

Using NetWare Administrator 

“NetWare Administrator” in Utilities 

Reference 


Viewing Other Information Using FILER 

Prerequisites 

• A workstation running DOS 3.30 or later and FILER 

• A minimum of 512 KB of memory available on the workstation 

• The Access Control right to the file or directory about which you want to view 
information 

Procedure 

1 At the DOS prompt, type 
FILER <Enter> 

A list of available options appears. 

Your current context. Volume object, and path are shown in the upper left corner 
of the screen. 

2 Select “Manage Files and Directories.” 

The “Directory Contents” list appears. 

3 Find and select the file or directory you want. 

• If the item you want appears in the list, select it and press <F10>. 

• If the item is not on the list, browse a directory by selecting it and pressing 
<Enter> until you see the item you want. Select it and press <F10>. 

• If you cannot find what you want, check the Volume object name in the upper 
left corner of the screen. If you are in the wrong Volume, you can change it 
by returning to the “Available Options” menu and choosing “Select Current 
Directory.” 

4 Select “View/Set File [or Directory] Information.” 
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Information for the file or directory appears. 

5 To exit, press <Esc> until the menu you want appears. 

Additional Information 


For more information about 

Refer to 

Using FILER 

“FILER” in Utilities Reference 


Viewing Other Information Using NDIR 

For online help with NDIR’s features, type one of the following commands: 

• For information on NDIR's sorting features, type 

NDIR /? SORT <Enter> 

• For information on search filters (restrictions), type 
NDIR /? RES <Enter> 

• For information on attribute filters, type 
NDIR /? AT <Enter> 

• For information on other options, type 
NDIR /? OPT <Enter> 

• For NDIR syntax information, type 
NDIR /? SYN <Enter> 

• To view all the NDIR utility help screens, type 
NDIR /? ALL <Enter> 

Prerequisites 

• A workstation running DOS 3.30 or later 

• A minimum of 512 KB of memory available on the workstation 

• The Access Control right to the file or directory about which you want to view 
information 

Procedure 

Use the NDIR commands in Table 3-7 to find information about files, 
directories, volumes, etc. 
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Table 3-7 


Using NDIR to Get File and Directory Information 


To get information about 

Use this NDIR command 

Files only 

NDIR path /FO 

Directories only 

NDIR path /DO 

All subdirectories 

NDIR path /S 

Volumes 

NDIR /VOL 

Directory space 

NDIR /SPA 

File version 

NDIR /VER 

File details 

NDIR filename /D 


For more information about the NDIR utility, see “NDIR” in Utilities 
Reference. 
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Introduction 

This chapter provides information on NetWare® Directory Services™ 
(NDS™), including the following: 

• How to set up after NDS is installed 

• How to work with NDS partitions and replicas 

• How to remove or re-install NDS 

• How to delete an NDS object from the NDS database 

• How to import data into NDS 

• How to repair the NDS database 

• How to manage NDS synchronization 
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About NetWare Directory Services 

NetWare Directory Services (NDS) is a distributed database that provides 
global access to all network resources regardless of where they are located 
physically. Users log in to a multiserver network and view the entire 
network as a single information system. 

This single information system is the basis for increased productivity and 
reduced administrative costs. You can manage NDS by using the utilities 
and programs described in this chapter. 

The following utilities and programs help you maintain the NDS database. 

• The Partition Management utilities allow you to distribute your NDS database by 
placing replicas of partitions of the database on different servers. 

The PARTMGR text utility and NetWare Administrator are available to help you 
manage the database partitions and replicas. You can also remove NDS from a 
server using the DS Install utility. 

• The UIMPORT utility allows you to import information from an existing 
database (any database capable of converting records to an ASCII file will work) 
to the NDS database. Use this utility and your database records to create, delete, 
and update User objects and their properties. 

• The DS Repair utility checks and repairs local portions of the database, similar to 
the way VREPAIR fixes volumes on a server. 

• dsadmin allows you to determine whether NDS synchronization processes are 
complete and to diagnose NDS errors. 
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General NetWare Directory Services Setup 

You set up NctWai'c Directory Services from your server console. 

Prerequisites 

• Access to the server console 

• Superuser permission to use the System Administration Manager (SAM) 

Procedure 

1 At the HP-UX prompt, type: sam 

2 Double click Networking and Communications at the SAM main window. 

3 Double click NetWare at the Networking and Communications window. 

4 Double click NetWare Directory Services at the NetWare window. 

5 Set the Bindery Context variable as appropriate, advancing the cursor with the 
<Return> (or <Enter>) key after each value is entered. 

6 After you have updated your configuration, return to the NetWare menu in SAM. 


4-4 



Managing the NetWare Directory Services Tree 

Creating and Managing Directory Services Partitions 


Creating and Managing Directory Services Partitions 

This section explains how to set up NDS partitions and replicas on your 
servers. 

About Partitions and Replicas 

A partition is a part of the total Directory tree and contains at least one 
container and its associated leaf objects. 

When a partition is subordinate to another in the Directory free, it is referred 
to as a child partition. The partition above it is referred to as the parent 
partition. 

You can make copies of a partition, called replicas, and store them on 
different servers in your network. Distributing replicas reduces network 
traffic by making information accessible locally and enabling users to log in 
to the network even when a server is down. 

Replicas also provide fault tolerance by ensuring that more than one copy of 
the partition information is available. If the partition becomes corrupted, you 
can use a replica to re-create it. 

NOTE: Partitions contain only NDS database information, not fde and directory data or 

information. 


There are four types of replicas, which are explained in the following table: 


Replica 

Description 

Master 

Partition information can be read from and 
written to this replica. The master replica can also 
be used to change the logical structure of the 
Directory tree (by creating a new partition, for 
example). 

When you create a new partition, a master replica 
is created and stored on the same server as the 
parent partition. 
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Replica 


Description 


Read/Write 

Partition information can be read from and 
written to this replica. For example, it can be used 
to log in, add or delete objects, and view 
directory information. 

Read-Only 

Partition information can be read from this 
replica, but it cannot be written to by anything 
other than a read/write or master replica. 


Users cannot authenticate to the network through 
a read-only replica because the login process 
changes the NDS database. 


You cannot set a bindery context when you log in 
to a read-only replica. 

Subordinate 

If you add a read/write or read-only replica of the 
child partition to the server, the subordinate 
replica is removed. 


This replica cannot be modified by any user. It is 
automatically placed on a server by NDS if the 
parent partition has a master, a read/write, or a 
read-only replica on the server and the child 
partition does not. 


Planning and Creating Partitions and Replicas 

You can create additional partitions and replicas using NetWare 
Administrator or PARTMGR in DOS or Windows. Instructions for using 
these utilities are included in this section. 

What Happens during Installation 

By default, the installation utility adds a replica of the partition that contains 
the server’s context only if the total of existing replicas is fewer than three. 

However, if the server is not a NetWare 4™ server and contains bindery files 
(SYS:SYSTEM\NET$*.SYS) a replica is added, regardless of the number of 
replicas. 
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These default settings ensure that bindery services will work correctly for 
networks running both NetWare 3™ and NetWare 4 software. 

Additional Information 


For more information about 

Refer to 

Bindery services 

Introduction to NetWare Directory 

Services and “Bindery Services” in 
Concepts 

Directory partitions 

“Understanding Management Features” of 
Introduction to NetWare Directory 

Sendees 

NetWare Directory partitions 

“NetWare Directory partitions” in 

Concepts 


Guidelines for Managing Partitions and Replicas 

Use these guidelines for managing partitions and replicas: 

• Make sure all the servers that contain replicas are up and running before you 
attempt any partition operation. 

If you attempt a partition operation while a server (that contains a replica) is 
down, NDS will not be able to synchronize, since it will not be able to 
communicate with the replica on the downed server. 

• You can create partitions only at the container level of the Directory tree. 

• NDS does not require you to have a replica of the complete database in any 
location; the database is designed to be divided into usable pieces. 

• Operations to manage partitions or replicas take place in the background and take 
time to complete, since the replicas need to be synchronized with new 
information. 

• You cannot store more than one replica of the same partition on a server. It is not 
necessary for all servers in your Directory tree to store partitions or replicas 
unless you want to be able to log in to every server in your tree using bindery 
services. 


You can create as many replicas of a partition as you need; however, we 
recommend that you create between three and six replicas of each partition in 
your Directory tree. 
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Having too many replicas may slow down your network because it will be busy 
synchronizing. 

• You can have only one master replica. 

Because partition and replica management is such a vital part of managing 
your network, you should read Chapter 9 , “Managing NetWare Directory 
Services,” of Introduction to NetWare Directory Services before you use the 
Partition Manager utilities. 

Additional Information 


For more information about 

Refer to 

Bindery services 

“Bindery services” in Concepts 

Partition Manager utilities 

“PARTMGR" and “NetWare 

Administrator” in Utilities Reference 

Partitions 

“Partition, Directory Services,” 

“Partition management,” and “Replica” in 
Concepts 

Planning and using partitions 

Chapter 5, “Planning NetWare Directory 
Services Implementation,” of 

Introduction to NetWare Directory 

Sendees 


Considerations Before Creating Partitions and Replicas 

This section provides a list of items for you to consider. We strongly 
recommend that you fill out the checklist in Appendix A of Installation 
Handbook so that you or another network administrator will know what 
partitions and replicas are stored on your servers in case you should ever 
need to restore NDS. 

Before you create your partitions and replicas, or immediately after they are 
all set up, ask yourself 


How many servers are on the network? 

What are the names of those servers? 

If you are creating partitions and replicas on more than one server, how are they 
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installed? 

• Which server is Single Reference, which is Primary, and which servers are 
Secondary? 

• How are the replicas set up? How many are there? On which servers do they 
exist? Which replicas are master? Read/write? Read-only? Subordinate? 

• How are your partitions set up? Which partitions are the parents? Which 
partitions are the children? 

After all of your partitions and replicas are set up, you can view your data 
and make a note of it. To do this, see “Viewing a List of Partitions Stored on 
a NetWare Server” in this chapter or “Viewing a List of Replicas in a 
Partition” or “Viewing a List of Partitions in a Directory Tree” in this 
chapter. 

Make a note every time changes are made to the servers, partitions, or 
replicas. That way, if disaster occurs to your NDS tree, you or another 
system administrator can easily check the server configurations. 

For information on how to restore NDS in case of failure, see “Backing Up 
and Restoring NetWare Directory Services™” in Chapter 7. 

Restricting Access to Partition Manager 

As administrator, you may want to limit which users in your network can 
access the Partition Manager that can be launched from NetWare 
Administrator. 

There are two ways you can limit access to Partition Manager: 

• Restrict rights to NWPAR.DLL (found in SYS:PUBLIC) by giving Read and File 
Scan rights only to those who you want to have access to Partition Manager. 

• Remove NWPAR.DLL from SYS:PUBLIC and place it in your path or in a 
directory where you have a search drive mapped. 

This allows only you to see Partition Manager under the “Tools” menu in 
System Administrator. 
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NOTE: You can also limit rights to PARTMGR (in DOS) by restricting rights to 

PARTMGR.EXE or by removing it from SYS:PUBLIC and placing it in your path 
or in a directory to which you have a search drive mapped. 


Creating a New Partition 

A partition consists of one or more container objects and their associated 
leaf objects. It cannot contain only leaf objects. The container that is the first 
object in the partition is called the “root” of the partition. 

To create a new partition, you split the parent partition to result in two 
partitions. The new partition becomes a child partition. 

For example, if you select an Organizational Unit and choose to create it as a 
new partition, you are choosing to split the Organizational Unit from its 
parent partition (Root, for example, which is always a partition). The 
following things happen: 

• The Organizational Unit you selected becomes the root of a new partition. 

• The replicas of the parent partition remain on the same servers. 

• Information for the new partition migrates from the parent partition’s replicas to 
the new partition’s replicas. 

• The master replica of the new partition is stored on the same server as the master 
replica of the parent partition. 

Creating a partition may take some time, since all the replicas need to be 
synchronized with the new partition information. 

When you create a new partition, the utility you use will inform you that the 
partition is created successfully, but the actual creating is still completing on 
the servers. You will need to wait a while before performing another 
partition operation. 

Partitions can be created using PARTMGR or NetWare Administrator in 
DOS or Windows. Both procedures are described in this section. 
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Creating a Partition Using NetWare Administrator 
Prerequisites 

• A 386 or later workstation and NetWare Administrator 

• A minimum of 6 MB of memory available on the workstation 

• The Supervisor object right to the container object you are partitioning 

Procedure 

1 From the Windows Program Manager, click on the “NetWare Administrator” 
icon. 

2 From the “Tools” menu, select “Partition Manager.” 

Partition Manager launches from the container you selected in NetWare 
Administrator. 

3 To locate the container object that you want to create as a partition, browse the 
“Partition Manager” screen. 

If the container object does not appear in the window, browse the Directory tree 
either by choosing an object to see its subordinates or by choosing the arrow to 
move toward the Root. Your current context appears in the upper left corner of 
the screen. 

For information about moving around in the “Partition Manager” screen and 
selecting objects, choose the “Help” button. 

4 Select the container object. 

5 Choose “Create as New Partition.” 

6 To confirm the creation of a new partition, choose “Yes.” 

The new partition is created when the process is completed on the servers. To 
see the partition icon that signifies that a container is a partition, you need to 
refresh the screen by choosing the up-arrow and then expanding the parent 
container again. 

A master replica is stored on the server where the parent partition’s master 
replica resides. An icon appears next to the Organization (O) or Organizational 
Unit (OU) to show that the container is the root of a partition. 

To see where the master replica is stored, select the Organization (O) or 
Organizational Unit (OU) that you just partitioned, and then choose “Replicas.” 
The server name appears in the “Servers” column and “Master” appears next to 
it in the “Type” column. 
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If you want to make additional replicas of this partition, see “Creating a 
Replica” in this chapter. 

Additional Information 

For more information about Refer to 

Partitions “NetWare Directory partition,” “Partition 

management,” and “Replica” in Concepts 

Using NetWare Administrator “NetWare Administrator” in Utilities 

Reference 

Creating a Partition Using PARTMGR 
Prerequisites 

• A workstation running DOS 3.30 or later and PARTMGR 

• A minimum of 512 KB of memory available on the workstation 

• The Supervisor object right to the container object you are partitioning 

Procedure 

1 At the DOS prompt, type 

PARTMGR <Enter> 

2 From the “Partition Administration” menu, select “Manage Partitions.” 

Your current context appears in the upper left corner of the screen. 

3 Select the container object to partition. 

• If the container you want to partition appears in the list, select it and press 
<F10>. 

• If the container is not in the list, browse the directory by selecting containers 
and pressing <Enter> until you see the container you want. Select it and press 
<F10>. 

4 Choose “Yes” to create the new partition. 

The new partition is created when the process is completed on the servers. To 
see the partition icon that signifies that a container is a partition, you need to 
refresh the screen by choosing the up-arrow and then expanding the parent 
container again. 


4-12 







Managing the NetWare Directory Services Tree 

Creating and Managing Directory Services Partitions 


A master replica is stored on the server where the parent partition’s master 
replica resides. An icon appears next to the Organization (O) or Organizational 
Unit (OU) to show that the container is the root of a partition. 

To see where the master replica is stored, select the Organization (O) or 
Organizational Unit (OU) that you just partitioned, and then choose “View/Edit 
Replicas.” The server name appears in the “Replicas Stored on Server” column, 
and “Master” appears next to it in the “Type” column. 

If you want to make additional replicas of this partition, see “Creating a 
Replica” in this chapter. 

Additional Information 


For more information about 

Refer to 

Partitions 

“NetWare Directory partition,” “Partition 
management,” and “Replica” in Concepts 

Using PARTMGR 

“PARTMGR” in Utilities Reference 


Merging Partitions 

You might want to merge two partitions if the Directory information in the 
partitions is closely related. In other words, you would merge a partition 
with its parent partition when you want to delete the partition without 
deleting the objects in the partition. 

Consider keeping partitions separate if the newly combined partitions would 
be large, because large partitions slow down response time. 

The partitions are merged when the process is completed on the servers. To 
see that the icon of the partition you merged is gone (which signifies that the 
merge is complete), you need to refresh the screen by choosing the up-arrow 
and then expanding the container again. 

Merging a partition with its parent partition might take some time, since the 
replicas need to be deleted and the parent replicas updated with the merging 
partition information. 


You can merge a subordinate partition with its parent partition using either 
NetWare Administrator or PARTMGR. Both procedures are documented in 
this section. 


4-13 



Managing the NetWare Directory Services Tree 

Creating and Managing Directory Services Partitions 


Merging Partitions Using NetWare Administrator 
Prerequisites 

• A 386 or later workstation and NetWare Administrator 

• A minimum of 6 MB of memory available on the workstation 

• The Supervisor object right to the object and its parent partition 

Procedure 

1 From the Windows Program Manager, click on the “NetWare Administrator” 
icon. 

2 Choose “Partition Manager” from the “Tools” menu. 

3 To locate the container object that you want to merge with the parent partition, 
browse the “Partition Manager” screen. 

If the partition object does not appear in the window, browse the Directory tree 
by either selecting an object to see its subordinates or by choosing the arrow key 
to move toward the Root. Your current context appears in the upper left corner 
of the screen. 

For information about moving around in the “Partition Manager” screen and 
selecting objects, choose the “Help” button. 

4 Select the partition you want to merge. 

5 Choose “Merge Partition.” 

6 To merge the partition with its parent, choose “Yes.” 

The partition is merged when the process is completed on the servers. To see that 
the icon of the partition you merged is gone (which signifies that the merge is 
complete), you need to refresh the screen by choosing the up arrow and then 
expanding the container again. 

Merging a partition with its parent partition might take some time, since the 
replicas need to be deleted and the parent replicas updated with the merging 
partition information. 

The replicas of the partitions are also merged. 

A partition with no parent merges with the Root partition. 

Additional Information 
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For more information about 

Refer to 

Partitions 

“Partition, Directory Services,” 

“Partition management,” and “Replica” in 
Concepts 

Using NetWare Administrator 

“NetWare Administrator” in Utilities 
Reference 


Merging Partitions Using PARTMGR 

Prerequisites 

• A workstation running DOS 3.30 or later and PARTMGR 

• A minimum of 512 KB of memory available on the workstation 

• The Supervisor object right to the object at the root of the parent partition 

Procedure 

1 At the DOS prompt, type 

PARTMGR <Enter> 

2 From the “Partition Administration” menu, choose “Manage Partitions.” 

3 Select the partition to merge. 

• If the partition appears in the list, select it and press <F10>. 

• If the partition is not on the list, browse the directory by selecting objects and 
pressing <Enter> until you see the partition you want. Select it and press 
<F10>. 

4 Choose “Merge with the Parent Partition.” 

5 Choose “Yes” to merge the selected partition with the parent. 

The partition is merged when the process is completed on the servers. To see that 
the icon of the partition you merged is gone (which signifies that the merge is 
complete), you need to refresh the screen by choosing the up arrow and then 
expanding the container again. 

Merging a partition with its parent partition might take some time, since the 
replicas need to be deleted and the parent replicas updated with the merging 
partition information. 

Additional Information 
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For more information about 

Refer to 

Partitions 

“Partition, Directory Services,” 

“Partition management,” and “Replica” in 
Concepts 

Using PARTMGR 

“PARTMGR” in Utilities Reference 

Moving a Partition 


You can move a container object only if it is the root of a Directory partition 
that has no subordinate partitions. Moving a container is really moving a 
partition. 

When you move a container object, NDS changes all references to the 
container. Although the object’s common name remains unchanged, the 
context name of the container (and of all its subordinates) changes. 

When you move a partition, you should create an Alias object that points to 
the partition you are moving. Doing so allows users to continue logging in to 
the network and finding objects in their original Directory tree location. 

If you move a partition and do not create an alias, users who are unaware of the 
partition’s new location will not easily find objects in the Directory tree, since they 
will look for them in their original Directory tree location. 

This might also cause client workstations to fail at login if the NAME CONTEXT 
parameter in the NET.CFG fde is set to the original location in the Directory tree. 

Because the context of an object changes when you move it, users whose name 
context in their configuration file (NET.CFG file) references the moved object need 
to update their NET.CFG so that it references the object’s new name. 

To automatically update users’ NET.CFG file with a new name context after moving 
an object, use the NCUPDATE utility. For instructions, see ’’NCUPDATE” in 
Utilities Reference. 

You can use NetWare Administrator or NETADMIN to move partitions in 
the Directory tree. Both procedures are documented in this section. 
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Moving a Partition Using NetWare Administrator 
Prerequisites 

• A workstation running Windows 3.1 and NetWare Administrator 

• The Supervisor right to the object you want to move 

• The Create object right to the destination container 

Procedure 

1 From the Windows Program Manager, click on the “NetWare Administrator” 
icon. 

2 From the “Tools” menu, choose “Partition Manager.” 

3 From the “Partition Manager” browser, select the partition that you want to move. 

You can move a container object only if it is the root of a partition and it 
contains no subordinate partitions. 

In Partition Manager, the partition icon appears to the left of the object icon. If 
the container you want to move is not a partition, select the container and choose 
“Create as New Partition.” Then refresh the screen so that the partition icon 
appears and go to the next step. 

If there are subordinate partitions in the container you want to move, you can 
merge those partitions with their parent partition. 

4 From the “Object” menu, choose “Move Partition.” 

5 Select the browser button to the right of the “Destination” box. 

Use the browser in the “Directory Context” box to view the Directory tree’s 
containers. 

The “Objects” box that appears in the lower left corner shows the containers that 
you select in the “Directory Context” box. 

6 From the “Objects” box, select a container object (an Organization or 
Organizational Unit) as the location to move the listed objects to; then choose 
“OK.” 

7 Choose “Create Alias in Place of Moved Container.” 

The Alias object will point to the partition’s new location. 

If you move an object and do not create an alias, users who are unaware of the 
object’s new location will not easily find objects in the Directory tree, since they 
will look for them in their original Directory tree location. 
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This might also cause client workstations to fail at login if the NAME 
CONTEXT parameter in the NET.CFG file is set to the original location in the 
Directory tree. 

Because the context of an object changes when you move it, users whose name 
context in their configuration file (NET.CFG file) references the moved object 
need to update their NET.CFG so that it references the object’s new name. 

To automatically update users’ NET.CFG file with a new name context after 
moving an object, use the NCUPDATE utility. For instructions, see 
“NCUPDATE” in Utilities Reference. 

8 In the “Move” dialog box, choose “OK.” 

If you chose to create an alias in place of the moved container, NetWare 
Administrator polls for the creation of the Alias object before it moves the 
selected partition. 

Unless you want the partition you just moved to remain a partition, you should 
merge it with its parent partition to avoid having an unnecessary partition in the 
Directory tree. See “Merging Partitions” in this chapter. 

You need to wait for processes throughout the Directory tree to be complete 
before you can perform another partition operation with this object. 

Additional Information 


For more information about 

Refer to 

Merging partitions 

“Merging Partitions” in this chapter 

Objects 

“Object” in Concepts 

Rights 

“Rights” in Concepts 

Alias objects 

’’Alias object” in Concepts 

Directory tree 

“Directory tree” in Concepts 

NCUPDATE 

“NCUPDATE” in Utilities Reference 

Using NetWare Administrator 

“NetWare Administrator” in Utilities 
Reference 
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Moving a Partition Using NETADMIN 

Prerequisites 

• A DOS workstation running DOS 3.30 or later and NETADMIN 

• The Create object right to the destination container 

Procedure 

1 At the DOS prompt, type 

NETADMIN <Enter> 

For information on moving around in NETADMIN and selecting objects, press 
<F1> after starting the utility. To see which container objects in the Directory 
tree are partitions, exit NETADMIN and type “PARTMGR” at the command 
line. Then browse the tree. 

2 From the NETADMIN options menu, choose “Manage Objects.” 

Your current context appears in the upper left corner. 

3 Select the object that you want to move. 

• If the object you want to move appears on the list, select it and press <F10>. 

• If the object is not on the list, browse the directory by selecting container 
objects and pressing <Enter> until you see the object you want. Select it and 
press <F10>. 

4 From the “Actions” menu, choose “Move.” 

You can move a container object only if it is the root of a Directory partition and 
it contains no subordinate partitions. 

In NETADMIN, when you select a container object that is a partition, the 
context-sensitive help at the bottom of the screen reads “This is a partition.” 
Also, an asterisk (*) is displayed in front of the object name. 

If the container you want to move is not a partition, you must use a partition- 
management utility (PARTMGR or NetWare Administrator) to create the 
container as a new partition. 

5 Use the down-arrow key and highlight the “New Context” field. 

6 Assign a new context to the object you want to move. 

• If you know the new context that you want the object to be in, type the new 
context in the highlighted field. 

• If you do not know the new context that you want the object to be in, press 
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<Insert> twice to browse the Directory tree for the destination container; then 
select the destination container and press <F10>. 

7 To accept the new context as the destination container, press <Enter>. 

8 To confirm that you want to move the object listed in the “Old Context” field to 
the container listed in the “New Context” field, press the <F10> key. 

9 To create an alias in place of the moved container, choose “Yes.” 

The Alias object will point to the partition’s new location, and the selected 
object is moved to the destination container. 

If you move an object and do not create an alias, users who are unaware of the 
object’s new location will not easily find objects in the Directory tree, since they 
will look for them in their original Directory tree location. 

This might also cause client workstations to fail at login if the NAME 
CONTEXT parameter in the NET.CFG file is set to the original location in the 
Directory tree. 

Because the context of an object changes when you move it, users whose name 
context in their configuration file (NET.CFG file) references the moved object 
need to update their NET.CFG so that it references the object’s new name. 

To automatically update users’ NET.CFG file with a new name context after 
moving an object, use the NCUPDATE utility. For instructions, see 
’’NCUPDATE” in Utilities Reference. 

You need to wait for processes throughout the Directory tree to be completed 
before you can perform another partition operation with this object. 

Unless you want the partition you just moved to remain a partition, you 
should merge it with its parent partition to avoid having an unnecessary 
partition in the Directory tree. See “Merging Partitions” in this chapter. 

Additional Information 


For more information about 

Refer to 

Objects 

“Object” in Concepts 

Rights 

“Rights” in Concepts 

Directory tree 

“Directory tree” in Concepts 

Using NETADMIN 

“NETADMIN” in Utilities Reference 
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Aborting a Partition Operation 

If you have begun the process of creating, merging, or moving a par tition, or 
changing a replica type, you can often abort the process, because partition 
operations take time. You can abort a partition operation only before the 
operation is in its final stages. 

You should use this feature if you begin a partition operation and find that 
your database will not synchronize. 

If NDS cannot synchronize replica information in your database because the 
database or replica information is corrupted, or because a server in your 
Directory tree is down, you probably should abort any partition operation in 
progress. 

If you choose to abort a partition operation when there is no operation in 
progress, no partitions are affected. 

You can abort a partition operation using NetWare Administrator or 
PARTMGR. Both procedures are described in this section. 

Aborting a Partition Operation Using NetWare Administrator 
Prerequisites 

• A 386 or later workstation and NetWare Administrator 

• A minimum of 6 MB of memory available on the workstation 

• The Supervisor object right to the object at the root of the partition 

Procedure 

1 From the Windows Program Manager, click on the “NetWare Administrator” 
icon. 

2 From the “Tools” menu, choose “Partition Manager.” 

3 To locate the partition that is executing a partition operation, browse the 
“Partition Manager” screen. 

If the container object does not appear in the window, browse the tree by either 
selecting an object to see its subordinates or by selecting the arrow key to move 
toward the Root. Your current context appears in the upper left corner of the 
screen. 

For information about moving around in the “Partition Manager” screen and 
selecting objects, choose the “Help” button. 
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4 Select the partition that is executing a partition operation and choose “Abort 
Partition Operation.” 

As long as at least one of the replicas has not yet completed the operation (as 
shown in the “State” box), you can abort the operation. 

5 To abort the partition operation, choose “Abort” and then choose “Yes.” 

The partition operation is aborted and any replicas that have been merged, 
created, or moved (depending on the operation you had begun) are returned to 
their original Directory tree locations. 

Additional Information 


For more information about 

Refer to 

Partitions 

“NetWare Directory partition,” “Partition 
management,” and “Replica” in Concepts 

Using NetWare Administrator 

“NetWare Administrator” in Utilities 
Reference 


Aborting a Partition Operation Using PARTMGR 
Prerequisites 

• A workstation running DOS 3.30 or later and PARTMGR 

• A minimum of 512 KB of memory available on the workstation 

• The Supervisor object right to the object at the root of the partition 

Procedure 

1 At the DOS prompt, type 

PARTMGR <Enter> 

2 From the “Partition Administration” menu, choose “Manage Partitions.” 

Your current context appears in the upper left corner. 

3 Select the parent partition that is involved in a partition operation. 

• If the partition appears in the list, select it and press <F10>. 

• If the partition is not on the list, browse the directory by selecting objects and 
pressing <Enter> until you see the partition you want. Select it and press 
<F10>. 
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4 Choose “Abort Partition Operation.” 

A list of the replicas of the selected partition appears. Each replica’s type and 
state are also displayed. 

As long as at least one of the replicas has not yet finished the operation you 
began, you can abort the operation. If the state of the replica is “On,” all 
operations are complete and cannot be aborted. 

5 To abort the partition operation, press <F10> and choose “Yes.” 

The partition operation is aborted, and any replicas that began to be merged or 
created (depending on the operation you had begun) are returned to their 


previous state. 

Additional Information 

For more information about 

Refer to 

Partitions 

“NetWare Directory partition,” ” Partition 


management,” and “Replica” in Concepts 

Using PARTMGR 

“PARTMGR” in Utilities Reference 


Creating a Replica 

When you create a partition, a master replica is created automatically and 
stored on the server where the parent partition’s master replica resides. You 
can create additional replicas of the partition, within these guidelines: 

• You can have only one master replica. Additional replicas must be read/write or 
read-only. For a description of replica types, see “Planning and Creating 
Partitions and Replicas” in this chapter. 

• You can store only one replica of a partition on a server. 

Replicas can be created using NetWare Administrator or PARTMGR. Both 
procedures are described in this section. 
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Creating a Replica Using NetWare Administrator 
Prerequisites 

• A 386 or later workstation and NetWare Administrator 

• A minimum of 6 MB of memory available on the workstation 

• The Supervisor object right to the object at the root of the partition 

Procedure 

1 From the Windows Program Manager, click on the “NetWare Administrator” 
icon. 

2 Select “Partition Manager” from the “Tools” menu. 

3 Browse the “Partition Manager” screen to locate the partition for which you want 
to create a replica. 

If the container object does not appear in the window, browse the Directory tree 
either by selecting an object to see its subordinates or by selecting the arrow key 
to move toward the Root. Your current context appears in the upper left corner 
of the screen. 

For information about moving around in the “Partition Manager” screen and 
selecting objects, choose the “Help” button. 

4 Select the container object and choose “Replicas.” 

5 Choose “Add Replica.” 

6 Browse the objects in the “Server” box to locate the server on which you want to 
store the replica. 

The partition you are creating the replica for appears at the top of the screen. The 
context and server information changes as you move through the Directory tree 
structure. 

7 Select the server you want the new replica to be stored on. 

8 Choose the replica type you want to create. 

9 To create the replica, choose “OK.” 

Additional Information 
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For more information about 

Refer to 

Partitions 

“Partition, Directory Services,” 

“Partition management,” and “Replica” in 
Concepts 

Using NetWare Administrator 

“NetWare Administrator” in Utilities 

Reference 


Creating a Replica Using PARTMGR 

Prerequisites 

• A workstation running DOS 3.30 or later and PARTMGR 

• A minimum of 512 KB of memory available on the workstation 

• The Supervisor object right to the object at the root of the partition 

Procedure 

1 At the DOS prompt, type 

PARTMGR <Enter> 

2 From the “Partition Administration” menu, select “Manage Partitions.” 

Your current context appears in the upper left hand corner. 

3 Select the partition to replicate. 

• If the partition appears in the list, select it and press <F10>. 

• If the partition is not on the list, browse the directory by selecting objects and 
pressing <Enter> until you see the partition you want. Select it and press 
<F10>. 

4 Select “View/Edit Replicas.” 

A list of the replicas stored on your current server appears. The replica type is 
also displayed. 

5 To add a replica to the server, press <Insert>. 

6 Enter the replica information. 

a At the “Replica Type” field, press <Enter>. 

b Choose the type of replica you want to create from the “Replica Type” menu 
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at the top of the screen. 

c At the “Store on Server” field, press <Enter>. 

d Type the name of the server to which you want to add the replica, or press 
<Insert> to select a server from the browser. 

e To create the replica, press <Esc> or <F10> and choose “Yes.” 

The new replica appears on the list of replicas for the server. 

Additional Information 


For more information about 

Refer to 

Partitions 

“NetWare Directory partition,” “Partition 
management,” and “Replica” in Concepts 

Using PARTMGR 

“PARTMGR” in Utilities Reference 


Deleting a Replica 

When you delete replicas, keep the following guidelines in mind: 

• If a master replica becomes corrupted, change a read/write or read-only replica 
on another server to a master replica. This automatically changes the old master 
replica to a read/write replica. 

• For fault tolerance, you should maintain replicas of the master partition on 
different servers. 

Replicas can be deleted using NetWare Administrator or PARTMGR. Both 

procedures are documented in this section. 

Deleting a Replica Using NetWare Administrator 

Prerequisites 

• A 386 or later workstation and NetWare Administrator 

• A minimum of 6 MB of memory available on the workstation 

• The Supervisor object right to the object at the root of the partition of the replica 
you want to delete 

Procedure 

1 From the Windows Program Manager, click on the “NetWare Administrator” 
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icon. 

2 Select “Partition Manager” from the “Tools” menu. 

3 Browse the “Partition Manager” screen to locate the partition whose replica you 
want to delete. 

If the object where the container is stored does not appear in the window, browse 
the Directory tree either by selecting an object to see its subordinates or by 
choosing the arrow key to move toward the Root. Your current context appears 
in the upper left corner of the screen. 

For information about moving around in the “Partition Manager” screen and 
selecting objects, choose the “Help” button. 

4 Select the partition and choose “Replicas.” 

5 Select the server you want to delete the replica from and choose “Delete Replica.” 

You cannot delete a master replica. If the replica you want to delete is a master, 
go to a server with another replica of the master and make it the new master 
replica. This automatically changes the old master replica to a read/write replica, 
which you can delete. 

For instructions, see “Viewing a List of Partitions in a Directory Tree” in this 
chapter. 

6 Choose “OK.” 

Additional Information 


For more information about 

Refer to 


Partitions 

“NetWare, Directory partition,” 
management,” and “Replica” in 

“Partition 

Concepts 

Using NetWare Administrator 

“NetWare Administrator” in Utilities 
Reference 


Deleting a Replica Using PARTMGR 
Prerequisites 

• A workstation running DOS 3.30 or later and PARTMGR 

• A minimum of 512 KB of memory available on the workstation 

• The Supervisor object right to the object at the root of the partition for the replica 
you want to delete 
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Procedure 

1 At the DOS prompt, type 

PARTMGR <Enter> 

2 From the “Partition Administration” menu, choose “Manage Partitions.” 

Your current context appears in the upper left corner of the screen. 

3 Select the partition that has a replica you want to delete. 

• If the partition appears on the list, select it and press <Enter>. 

• If the partition is not on the list, browse the directory by selecting objects and 
pressing <Enter> until you see the partition you want. Select it and press 
<F10>. 

4 Select “View/Edit Replicas.” 

A list of the replicas stored on your selected partition appears. Each replica’s 
type is also displayed. 

5 Select the replica to delete and press <Delete>. 

You cannot delete a master replica. If the replica you want to delete is a master, 
go to a server with another replica of the master and make it the new master 
replica. This automatically changes the old master replica to a read/write replica, 
which you can delete. 

For instructions, see “Viewing a List of Partitions in a Directory Tree” in this 
chapter. 

6 To delete a replica, choose “Yes.” 

Additional Information 


For more information about 

Refer to 

Partitions 

“NetWare Directory partition,” “Partition 
management,” and “Replica” in Concepts 

Using PARTMGR 

“PARTMGR” in Utilities Reference 
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Sending Updates to Other Replicas 

Although NDS automatically synchronizes the directory data of replicas (so 
that each replica contains the most recent data), you can manually start the 
process to synchronize (update) the directory data of replicas, if necessary. 

You should use the Directory Services Repair utility to discover whether the 
data in some replicas is out of sync with the master replica. If the data is out 
of sync, you would want to send updates to those replicas manually. The 
data in the other replicas would be updated and the directory data of each 
replica would be synchronized. 

You can send updates to other replicas using NetWare Administrator or 
PARTMGR. Both procedures are documented in this section. 

Sending Updates Using NetWare Administrator 
Prerequisites 

• A 386 or later workstation and NetWare Administrator 

• A minimum of 6 MB of memory available on the workstation 

• The Supervisor object right to the object at the root of the partition for the replicas 
to which you want to send updates 

Procedure 

1 From the Windows Program Manager, click on the “NetWare Administrator” 
icon. 

2 From the “Tools” menu, choose “Partition Manager.” 

3 Browse the “Partition Manager” screen to locate the partition whose replicas you 
want to update. 

If the container object does not appear in the window, browse the Directory tree 
either by selecting an object to see its subordinates or by selecting the arrow key 
to move toward the Root. Your current context appears in the upper left corner 
of the screen. 

For information about moving around in the “Partition Manager” screen and 
selecting objects, choose the “Help” button. 

4 Select the partition and choose “Replicas.” 

From the “Replicas” screen, select which replica you want to send updates from 
(the one that contains updated data) and choose “Send Updates to Other 


5 
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Replicas.” 

The updated data is sent to all existing replicas of the same partition. 

Additional Information 


For more information about 

Refer to 

Partitions 

“NetWare Directory partition,” "Partition 
management,” and “Replica” in Concepts 

Using NetWare Administrator 

“NetWare Administrator” in Utilities 
Reference 


Sending Updates Using PARTMGR 

Prerequisites 

• A workstation running DOS 3.30 or later and PARTMGR 

• A minimum of 512 KB of memory available on the workstation 

• The Supervisor object right to the object at the root of the partition for the replicas 
to which you want to send updates 

Procedure 

1 At the DOS prompt, type 

PARTMGR <Enter> 

2 From the “Partition Administration” menu, choose “Manage Partitions.” 

Your current context appears in the upper left corner. 

3 Select the partition whose replicas you want to update. 

• If the partition appears on the list, select it and press <F10>. 

• If the partition is not on the list, browse the Directory tree by selecting objects 
and pressing <Enter> until you see the partition you want. Select it and press 
<F10>. 

4 Choose “View/Edit Replicas.” 

A list of the replicas of the selected partition appears. Each replica’s type is also 
displayed. 

5 Select the replica you want to send updates from and press <F10>. 

6 Choose “Send Updates to Other Replicas.” 
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7 To send updates to all the other replicas, choose “Yes.” 

The replica information is sent to all other replicas of the partition (including the 
master replica). 

Additional Information 


For more information about 

Refer to 

Partitions 

“NetWare Directory partition,” “Partition 
management,” and “Replica” in Concepts 

Using PARTMGR 

“PARTMGR” in Utilities Reference 


Receiving Updates from Other Replicas 

Although NDS automatically synchronizes the directory data of replicas, (so 
that each replica contains the most recent data) you can manually 
synchronize (update) the directory data of replicas if they get out of sync. 

You should use the Directory Services Repair utility to discover if the data in 
some replicas is out of sync with the master replica. If the data is out of sync, 
you would want those replicas to receive updates from the master replica 
manually. 

You cannot choose “Receive Updates From Other Replicas” from a master 
replica. The master is assumed to be the most current and accurate copy of 
the partition. If it is not, you should assign one of the other replicas to be the 
master using the PARTMGR utility. 

If you choose “Receive Updates From Other Replica” from any replica, that 
replica receives NDS information from the master. 

You can receive updates from other replicas using NetWare Administrator or 
PARTMGR. Both procedures are documented in this section. 

Receiving Updates Using NetWare Administrator 
Prerequisites 

• A 386 or later workstation and NetWare Administrator 

• A minimum of 6 MB of memory available on the workstation 

• The Supervisor object right to the object at the root of the partition for the replicas 
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to which you want to send updates 

Procedure 

1 From the Windows Program Manager, click on the “NetWare Administrator” 
icon. 

2 From the “Tools” menu, choose “Partition Manager.” 

3 Browse the “Partition Manager” screen to locate the partition whose replicas you 
want to update. 

If the container object does not appear in the window, browse the Directory tree 
either by selecting an object to see its subordinates or by choosing the arrow key 
to move toward the Root. Your current context appears in the upper left corner 
of the screen. 

For information about moving around in the “Partition Manager” screen and 
selecting objects, choose the “Help” button. 

4 Select the partition and choose “Replicas.” 

5 From the “Partition Replicas” screen, select which replica you want to update and 
choose “Receive Updates.” 

The replica you chose receives NDS information from the master replica. 

Additional Information 


For more information about 

Refer to 

Partitions 

“NetWare Directory partition,” “Partition 
management,” and “Replica” in Concepts 

Using NetWare Administrator 

“NetWare Administrator” in Utilities 
Reference 


Receiving Updates Using PARTMGR 

Prerequisites *A workstation running DOS 3.30 or later and PARTMGR 

• A minimum of 512 KB of memory available on the workstation 

• The Supervisor object right to the object at the root of the partition whose replicas 
you want to update 

Procedure 

1 At the DOS prompt, type 
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PARTMGR <Enter> 

2 From the “Partition Administration” menu, choose “Manage Partitions.” 

Your current context appears in the upper left corner of the screen. 

3 Select the partition whose replicas you want to update. 

• If the partition appears on the list, select it and press <F10>. 

• If the partition is not on the list, browse the Directory tree by selecting objects 
and pressing <Enter> until you see the partition you want. Select it and press 
<F10>. 

4 Choose “View/Edit Replicas.” 

A list of the replicas of the selected partition appears. Each replica’s type is also 
displayed. 

5 Select the replica you want to update and press <F10>. 

6 Choose “Receive Updates from Other Replicas.” 

7 To receive updates from all the other replicas, choose “Yes.” 

The selected replica receives NDS information. 

Additional Information 


For more information about 

Refer to 

Partitions 

“NetWare Directory partition,” “Partition 
management,” and “Replica” in Concepts 

Using PARTMGR 

“PARTMGR” in Utilities Reference 


Viewing a List of Partitions Stored on a NetWare Server 

When you view a list of partitions stored on a NetWare server, you are 
seeing all the partitions that have a replica stored on the selected server and 
the type of each replica. 

You can see a list of partitions stored on a NetWare Server object using 
NetWare Administrator or PARTMGR. Both procedures are documented in 
this section. 
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Listing Partitions Using NetWare Administrator 
Prerequisites 

• A 386 or later workstation and NetWare Administrator 

• A minimum of 6 MB of memory available on the workstation 

• The Write property right to the ACL property of the NetWare server object for 
the partitions you want to view 

Procedure 

1 From the Windows Program Manager, click on the “NetWare Administrator” 
icon. 

2 From the “Tools” menu, select “Partition Manager.” 

3 Browse the “Partition Manager” screen to find the NetWare Server object for the 
partition list you want to view. 

If the NetWare Server object does not appear in the window, browse the 
Directory tree either by choosing an object to see its subordinates or by choosing 
the arrow key to move toward the Root. Your current context appears in the 
upper left corner of the screen. 

For information about moving around in the “Partition Manager” screen and 
selecting objects, choose the “Help” button. 

4 Select the NetWare Server object and choose “Server Partitions.” 

A list of the partitions stored on the server is displayed. 

Additional Information 


For more information about 

Refer to 

Partitions 

“Partition, Directory Services,” 

“Partition management,” and “Replica” in 
Concepts 

Using NetWare Administrator 

“NetWare Administrator” in Utilities 
Reference 
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Listing Partitions Using PARTMGR 
Prerequisites 

• A workstation running DOS 3.30 or later and PARTMGR 

• A minimum of 512 KB of memory available on the workstation 

• The Write property right to the ACL property of the NetWare Server object for 
the partitions you want to view 

Procedure 

1 At the DOS prompt, type 

PARTMGR <Enter> 

2 From the “Partition Administration” menu, select “Manage Partitions.” 

Your current context appears in the upper left corner of the screen. 

3 Select the server whose partitions you want to list. 

• If the server appears on the list, select it and press <F10>. 

• If the server is not on the list, browse the directory by selecting partitions and 
pressing <Enter> until you see the server you want. Select it and press <F10>. 

A list of the partitions stored on the server appears. 

Additional Information 


For more information about 

Refer to 

Partitions 

“NetWare Directory partition,” “Partition 
Management,” and “Replica” in Concepts 

Using PARTMGR 

“PARTMGR” in Utilities Reference 


Viewing a List of Replicas in a Partition 

You can see a list of a partition’s replicas, the servers where the replicas are 
stored, and whether a replica is a master, read/write, or read-only type. 

You can view a replica list using NetWare Administrator or PARTMGR. 
Both procedures are described in this section. 
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Listing Replicas Using NetWare Administrator 
Prerequisites 

• A 386 or later workstation and NetWare Administrator 

• A minimum of 6 MB of memory available on the workstation 

• The Write property right to the ACL property of the NetWare Server Object for 
the replicas you want to view 

Procedure 

1 From the Windows Program Manager, click on the “NetWare Administrator” 
icon. 

2 From the “Tools” menu, select “Partition Manager.” 

3 Browse the “Partition Manager” screen to locate the partition for the replica list 
you want to view. 

If the partition does not appear in the window, browse the Directory tree either 
by choosing an object to see its subordinates or by choosing the arrow key to 
move toward the Root. Your current context appears in the upper left corner of 
the screen. 

For information about moving around in the “Partition Manager” screen and 
selecting objects, choose the “Help” button. 

4 Select the partition and choose “Replicas.” 

A list of replicas appears, including the server where each replica is stored, the 
replica type, and the time and date of the last time the replica was synchronized 
with the other replicas. 

Additional Information 


For more information about 

Refer to 

Partitions 

“NetWare Directory partition,” “Partition 
management,” and “Replica” in Concepts 

Using NetWare Administrator 

“NetWare Administrator” in Utilities 
Reference 
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Listing Replicas Using PARTMGR 
Prerequisites 

• A workstation running DOS 3.30 or later and PARTMGR 

• A minimum of 512 KB of memory available on the workstation 

• The Write property right to the ACL property of the NetWare Server object for 
the replicas you want to view 

Procedure 

1 At the DOS prompt, type 

PARTMGR <Enter> 

2 From the “Partition Administration” menu, choose “Manage Partitions.” 

Your current context appears in the upper left corner of the screen. 

3 Select the partition whose replicas you want to list. 

• If the partition appears on the list, select it and press <F10>. 

• If the partition is not on the list, browse the Directory tree by selecting 
partitions and pressing <Enter> until you see the server you want. Select it 
and press <F10>. 

The “Partition Management” menu appears. Your current context appears in the 
title. 

4 Select “View/Edit Replicas.” 

The “Replicas Stored on Server” screen appears, which lists the replicas of the 
selected partition, the server on which they reside, and the type of each replica. 

Additional Information 


For more information about 

Refer to 

Partitions 

“NetWare Directory partition,” “Partition 
management,” and “Replica” in Concepts 

Using PARTMGR 

“PARTMGR” in Utilities Reference 
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Viewing a List of Partitions in a Directory Tree 

You can see a list of all partitions to which you have Browse rights in an 
NDS free using NetWare Administrator. 

Prerequisites 

• A 386 or later workstation and NetWare Administrator 

• A minimum of 6 MB of memory available on the workstation 

Procedure 

1 From the Windows Program Manager, click on the “NetWare Administrator” 
icon. 

2 From the “Object” menu, choose “Search.” 

3 Choose the drop-down arrow button at the right of the “Search For” field. 

4 Scroll through the drop-down list until you find “Partition.” 

5 Select “Partition” and choose “OK.” 

A list of the partitions in the Directory tree appears. Any partition for which you 
do not have the Browse right to the object at the root does not appear in the list. 

Additional Information 


For more information about 

Refer to 

Partitions 

“NetWare Directory partition,” “Partition 
management,” and “Replica” in Concepts 

Using NetWare Administrator 

“NetWare Administrator” in Utilities 
Reference 


Changing a Replica’s Type 

You can change replica types according to the following guidelines: 

• You can have only one master replica of a partition. Creating a new master replica 
automatically changes the old master replica to a read/write replica. 

• You can change read/write replicas to read-only, and vice versa, without 
affecting other replicas of the same partition. 
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You can change a replica’s type using NetWare Administrator or 
PARTMGR. Both procedures are documented in this section. 

Changing a Replica’s Type Using NetWare Administrator 

Prerequisites 

• A 386 or later workstation and NetWare Administrator 

• A minimum of 6 MB of memory available on the workstation 

• The Supervisor object right to the object at the root of the partition for the replica 
you want to change 

Procedure 

1 From the Windows Program Manager, click on the “NetWare Administrator” 
icon. 

2 From the “Tools” menu, select “Partition Manager.” 

3 Browse the “Partition Manager” screen to locate the Server object that contains 
the replica type you want to change. 

If the NetWare Server object does not appear in the window, browse the 
Directory tree either by choosing an object to see its subordinates or by choosing 
the arrow key to move toward the Root. Your current context appears in the 
upper left comer of the screen. 

For information about moving around in the “Partition Manager” screen and 
selecting objects, choose “Help” from the main menu bar. 

4 Select the partition whose replica you want to change and choose “Replicas.” 

5 From the list of replicas, select the replica you want to change. 

Be careful to select the correct replica by noting the server where it is located as 
well as its type. 

6 Choose “Change Type.” 

7 Choose the type of replica you want the replica to become. 

8 Choose “OK.” 

The new replica type appears on the “Partition Replicas” screen. 

If you created a master replica and one already existed, the replica you just 
created is now the master replica and the old master replica is changed 
automatically to a read/write replica. 
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Additional Information 

For more information about 

Refer to 

Partitions 

“NetWare Directory partition,” “Partition 
management,” and “Replica” in Concepts 

Using NetWare Administrator 

“NetWare Administrator” in Utilities 
Reference 


Changing a Replica’s Type Using PARTMGR 
Prerequisites 

• A workstation running DOS 3.30 or later and PARTMGR 

• A minimum of 512 KB of memory available on the workstation 

• The Supervisor right to the object at the root of the partition 

Procedure 

1 At the DOS prompt, type 

PARTMGR <Enter> 

2 From the “Partition Administration” menu, choose “Manage Partitions.” 

Your current context appears in the upper left corner of the screen. 

3 Select the partition whose replica you want to change. 

• If the partition is on the list, select it and press <F10>. 

• If the partition is not on the list, browse the Directory tree by selecting 
partitions and pressing <Enter> until you see the partition you want. Select it 
and press <F10>. 

4 Choose “View/Edit Replicas.” 

A list of the replicas of the selected partition appears. The replica type is also 
displayed. 

5 Select the replica you want to change and press <F10>. 

6 Choose “Change Replica Type.” 

7 Press <Enter> and choose the replica type you want the replica to become. 

8 Press <F10> to save the replica as the new type. 
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The new replica type appears on the list and on the “Partition Replicas” screen. 

If you changed a replica type to a master and a master replica already existed, 
the replica you just changed to master is now the master replica and the old 
master replica is changed automatically to a read/write replica. 

Additional Information 


For more information about 

Refer to 

Partitions 

“NetWare Directory partition,” “Partition 
management,” and “Replica” in Concepts 

Using PARTMGR 

“PARTMGR” in Utilities Reference 


4-41 





Managing the NetWare Directory Services Tree 

Removing NetWare Directory Services from a Server 


Removing NetWare Directory Services from a Server 

You may want to remove NDS from an existing server if you mistakenly 
installed it into the wrong Directory tree or into the wrong Organization or 
Organizational Unit in the tree. This section discusses how to safely remove 
NDS. 


Considerations Before Removing NDS 

Removing NDS from a server may corrupt your NDS database. In most 
cases, this procedure is not necessary to correct a NetWare 4 problem. 
Before removing NDS, ask these questions: 

• Do other servers get Directory information (such as partition replicas) from this 
server? 

• Could a bad LAN driver (one that does not communicate properly with NDS) be 
causing the problem? 

• Could routers, network boards, or other hardware components be causing the 
problem? 

If you answered “yes” to any of these questions, remove NDS only as a last 
resort after resolving all other problem areas. 

By removing NDS from a server, you remove the NetWare Server object 
from the Directory free and downgrade the server’s volumes to bindery 
volumes. Trustee assignments and all NDS information, such as links to 
subordinate partitions, are lost. 

If you installed this server into the wrong container, it is not necessary to 
remove NDS. Use the Partition Manager tool in NETADMIN to move the 
Server object to the correct container. 
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WARNING: Removing NDS may corrupt your Directory database. You must remove NDS if 

you are reformatting this server’s hard drive. Do not remove NDS unless 
Technical Support advises you to remove NDS from the server. 


Removing NDS from a Server 
Prerequisites 

• Access to the server console and superuser privileges. 

• The Supervisor object right to the NetWare Server object and its associated 
Volume objects. 

• Make sure all the server’s volumes are mounted. Unmounted volumes will not 
get their Volume objects removed from the Directory database. 

Procedure 

1 Run the dsinstall utility. 

2 From the “Directory Services Install” window, select “Remove Directory 
Services from this Server” and press <Enter>. 

3 At the confirmation prompt, choose “Yes.” 

The “Directory Services Login/Authentication” screen appears. 

4 Type the password for User ADMIN in the “Password” field and press <Enter>. 

After you enter the password, the server’s mounted volumes are downgraded 
and a message displays the number of volumes affected. Then the system checks 
for Directory connections to other servers. 

5 (Conditional) If this server contains a master replica, you must designate another 
server to hold the replica. Choose one of the following and press <Enter>: 

• Designate the server automatically. 

Directory Services Install finds the first server with a replica of this partition 
and changes its type to “master.” 

• Designate the server yourself. 

Highlight the server where you want the master replica located. 

Press <F10> to save and continue. 


A message notifies you that the master replica has moved. 
6 To continue, press <Enter>. 
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Directory Services Install removes NDS and deletes the Server object and 
Volume objects associated with it from the Directory database. 

If a Directory link is down (such as another server containing objects from this 
server), you must use Partition Manager to delete the Server and Volume objects 
from the Directory database. 

7 To exit Directory Services Install, return to the Directory Services Install main 
menu and select Exit. 

8 Reset your time servers. 

Since you have removed NDS, you must update your time servers. See the next 
section for more information. 

Updating Your Time Servers 

Now that directory services has been removed from your Single Reference 
time server, if other servers exist in this Directory tree, you must select the 
next Secondary time server that is polled to become the Single Reference 
time server so that your time servers will be synchronized. 

To do this, change the “Server Type” variable in SAM. 

Re-installing NDS on a Server 

This procedure re-installs NDS on a server. It does not preserve the trustee 
assignments from the first time NDS was installed on the server; you must 
make those assignments again. 

Prerequisites 

• Access to the server console. You must also be a superuser. 

• The Supervisor object right to the container in which you want to install the 
server 

Procedure 

1 Run the DS Install utility. 

2 From the “Directory Services Install” menu, select “Install Directory Services 
onto this Server” and press <Enter>. 

3 Install NetWare Directory Services on the server. 

To select a Directory tree and install NDS on the server, follow the instructions 
in chapter 5 of the NetWare 4.1/9000 Installation and Administration Guide. 
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4 To exit Directory Services Install, return to the dsinstall main menu and select 
“Exit.” 
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Deleting a NetWare Server Object from the NDS 
Database 

The following sections show you how to delete NetWare Server objects 
from NDS using either NetWare Administrator in Windows or PARTMGR 
in DOS. Both procedures are described in this section. 

Considerations Before Deleting NetWare Server Objects 


WARNING: Deleting a NetWare Server object permanently removes it from your network! 

It also permanently removes its data and resources from the network. 

Deleting a NetWare Server object may corrupt your NDS database, especially if 
the Server object provides NDS database services (such as storing partition 
replicas). 


Before deleting the Server object with the Partition Manager tool, consider 

these alternatives: 

• Change the master replicas stored on this server to read/write replicas and then 
delete all replicas on the server. Once all the processes are complete, you can 
delete the server. 

• Remove NDS from the server with the DS Install utility (described in “Removing 
NDS from a Server” in this chapter). This procedure protects your NDS database 
from lost services. 

• To move the NetWare Server object to another context, use the “Move Server 
Object” option in the Partition Manager tool. (You do not need to delete the 
NetWare Server object and re-create it in another context.) 

• If the NetWare Server object you are deleting does not contain any NDS database 
partitions or replicas, follow the procedures in “Moving Container Objects Using 
NETADMIN” in chapter 2. 
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Deleting a NetWare Server Object Using NetWare Administrator 
Prerequisites 

• A 386 or later workstation and NetWare Administrator. 

• A minimum of 6 MB of memory available on the workstation. 

• The Supervisor object right to the container of the server object you want to 
delete. 

• Create a new master replica (if a master replica is stored on the NetWare Server 
object). See “Viewing a List of Partitions in a Directory Tree” in this chapter. 

Procedure 

1 Bring down the HP-UX server by typing: 

stopnw 

stopnps 

2 From the Windows Program Manager at your workstation, click on the “NetWare 
Administrator” icon. 

3 Select “Partition Manager” from the “Tools” menu. 

4 Browse the “Partition Manager” screen to locate the NetWare Server object that 
you want to delete. 

If the NetWare Server object does not appear in the window, browse the 
Directory tree either by choosing an object to see its subordinates or by choosing 
the arrow key to move toward the Root. Your current context appears in the 
upper left comer of the screen. 

For information about moving around in the “Partition Manager” screen and 
selecting objects, choose the “Help” button. 

5 Select the NetWare Server object and choose “Delete Server.” 

The server is deleted from the NDS database. 

Additional Information 


For more information about 

Refer to 

Deleting objects from the 

NDS database 

“Deleting Objects from the Directory 

Tree” in chapter 2 
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For more information about 


Refer to 

Using NetWare Administrator 

“NetWare Administrator” in Utilities 
Reference 


Deleting a NetWare Server Object Using PARTMGR 
Prerequisites 

• A workstation running DOS 3.30 or later and PARTMGR. 

• A minimum of 512 KB of memory available on the workstation. 

• The Supervisor right to the container of the Server object you want to delete. 

• Create a new master replica (if a master replica is stored on the NetWare Server 
object). See “Viewing a List of Partitions in a Directory Tree” in this chapter. 

Procedure 

1 Bring down the HP-UX server by typing: 

stopnw 

stopnps 

2 At the workstation DOS prompt, type 

PARTMGR <Enter> 

3 From the “Partition Administration” menu, select “Manage Partitions.” 

Your current context appears in the upper left corner of the screen. 

4 Select the NetWare Server you want to delete. 

• If the server appears on the list, select it and press <Delete>. 

• If the server is not on the list, browse the directory by selecting objects and 
pressing <Enter> until you see the server you want. Select it and press 
<Delete>. 

The NetWare Server object is deleted from the NDS database. 

NOTE: It may take a long time for all the other servers to know that a server is down. You 

should wait several minutes after downing a server before deleting it. 

Additional Information 
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For more information about 

Refer to 

Deleting objects from the 

“Deleting Objects from the Directory 

NDS database 

Tree” in chapter 2 

Using PARTMGR 

“PARTMGR” in Utilities Reference 
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Importing User Information into the NDS Database 

The UIMPORT utility allows you to import data from an existing database 
into the NDS database. This utility is particularly valuable if you have 
hundreds or thousands of user records that you want to record in NDS 
without having to re-create each user manually. 

Any application capable of converting records to a comma-separated ASCII 
file will work with UIMPORT. 

You can use UIMPORT to automate the maintenance of your NDS database 
when you want to 

• Create User objects in the NDS database using records from another database. 

• Update User properties in the NDS database when records are changed in your 
original database program. 

• Delete User objects when their accounts on the network are no longer needed. 


Understanding the Import Process 

The process for importing records from your database into the NDS database 
is as follows: 

1 Generate a data fde—a delimited ASCII text fde—from your existing database 
records. 

Most applications let you save data as a comma-separated ASCII text file with 
quotation marks as delimiters. 

2 Create an impoit control file to interpret the data file. 

You can create the import control file using any text editor under DOS. This file 
defines how records in the data file are imported into NDS and which fields 
(properties) the data will be placed in. 

3 Create User objects using UIMPORT to transfer data from your database to the 
NDS database. 

Figure 4-2 gives you a general overview of the import process. 
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generate 



Figure 4-7 Import Process 

Preparing to Import User Information into the NDS Database 

This section gives some background information you should be familiar 
with before performing the import. 

Generating the Data File 

You generate a data file from within your database application, or any other 
application, by saving the data as a delimited ASCII text file. Most 
applications use commas as the default field separator and quotation marks 
as the default delimiter. 

The following figure shows a sample database table created using 
Borland*’s Paradox* for Windows, and the data file generated from it. 
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Paradox for Windows - [Table : STAFF.DB] 


File Edit Table Record Properties Window Help 



lodQ 


□ 


dob title= 


Delimiter - 
Separator - 


Tester 

Manager 

Project Specialist 
Writer 


\Jsmith", "Smith”, "John", "Testing”, "Tester", "55 1 
- . jVJones","Mike","Customer Satisfaction" 

bciark , 


^Clark", "Betty", "Services”, "Project 
"ApOrtGr", 'Yorter","Amy","Marketing"."Writer 

^Igrant'^j 


,ant","Jerry","Designer", 555-344 —, 


=Telephone= 

555-5678 

555-8483 

555-7531 

555-7228 

555-3444 


Figure 4-8 Generate a Data File 

If you need instructions on how to save your data as a delimited ASCII file, 
see the documentation accompanying your application. 

Embedded Punctuation 

Before you generate a data file from within your database application, look 
for embedded punctuation in the data fields. 

If the fields in your database have embedded punctuation (for example, 
quotation marks or commas), you should not use that same punctuation as 
field separators or delimiters when you export the data. 

If you do, UIMPORT will not be able to distinguish between new fields and 
embedded punctuation. 
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Since embedded quotation marks and commas are the most commonly 
found punctuation in database fields, here are some guidelines, grouped 
according to four situations you might encounter, to help you avoid 
problems in generating a data file: 

• You have both embedded quotation marks and embedded commas that you do 
not want to delete. 

We recommend that you export the data using a different character for the 
comma separator, and that you not use quotation marks as delimiters. 

For example, you could export data with carets ( A ) in place of comma 
separators. As a result, carets would separate the fields in the data file you 
generate. You must specify in the import control file the replacement character 
you use. (See Table 4-1.) 

You should also export data without using quotation marks to delimit the fields. 
If your application uses quotation marks as the default delimiter, you must 
change the delimiter to a different character or choose to use no delimiter. 

If you use a different character, you must specify in the import control file the 
replacement character you use. (See Table 4-1.) 

• You have neither embedded quotation marks nor embedded commas. 

We recommend that you export the data using commas to separate the fields. 

If your application inserts quotation marks as delimiters around each field, you 
can either accept this default or choose to use no delimiter. 

• You have embedded commas, but no embedded quotation marks. 

We recommend that you export the data using a different character for the 
comma separator. 

For example, you could export data with carets ( A ) in place of comma 
separators. As a result, carets would separate the fields in the data file you 
generate. You must specify in the import control file the replacement character 
you use. (See Table 4-1.) 

If your application inserts quotation marks as delimiters around each field, you 
can either accept this default or choose to use no delimiter. 

• You have embedded quotation marks, but no embedded commas. 

We recommend that you export data using commas to separate the fields and 
without using quotation marks to delimit the fields. 
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However, if your application uses quotation marks as the default delimiter, you 
must change the delimiter to a different character or tell your application to use 
no delimiter. 

If you use a different character, you must specify in the import control file the 
replacement character you use. (See Table 4-1.) 

Required “Name” Field 

One of the fields required to create new user objects in the NDS database is 
name. If you do not have a field in your database that records each 
individual’s login name, you have a few options: 

• You can create a login name field within your application (and assign each 
individual a unique eight-character login name) before generating the data file. 
This option is recommended. 

• You can generate the data file and then add a unique login name field to each 
string of user information in the data file. 

• You can use an existing field in your application to represent the login name field. 
For example, you may have a field of employee or ID numbers. You can generate 
the data file and import the unique numbers into NDS as user login names. (Keep 
in mind that numbers are not as easy to recognize or manage as names.) 

Creating the Import Control File 

You can create the import control file using any text editor under DOS. 

This file controls how the information in the data file will be imported into 
the NDS database and determines which fields (called properties in NDS) 
the data will be placed in. The import control file contains two types of 
information: 

• Control parameters define characters used in the data file and specify how data is 
updated. 

Control parameters are explained in Table 4-1. Field definitions are explained in 
Table 4-2. 

• Field definitions determine where data is put in the NDS database (which 
properties the fields are imported into). 

Use these guidelines to create the control file: 

• Enter control parameters first, followed by field definitions, as follows: 
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Import control 
Separator= A 
User template=y 
Fields 

Last name 
Name 
Telephone 
Title 

• Control and field parameters are not case-sensitive. The headings “Import 
Control” and “Fields” must be left aligned (you do not have to specify import 
control parameters if you use the defaults). 

• Entries under the headings must be preceded by at least one space or a tab. 

• To create a new user, two field definitions are required: “Name” (the user’s login 
name) and “Last name.” 

• To update records for users who have already been created, only the “name” field 
is required. These fields are explained in Table 4-2. 

• All fields in the data file must have a corresponding field definition in the import 
control file. To see a sample data file and its corresponding import control file, 
see “Data File Created from Exported Database Fields” in this chapter. 

Although you do not have to save the import control file in the same 
directory in which you saved the data file, doing so makes locating the files 
and running UIMPORT easier. If you do not, you will have to specify the 
path to each of the files when you run UIMPORT. 

After generating the data file and creating the import control file, see 
“Creating User Objects with the UIMPORT Utility” in this chapter to start 
the import process. 

Additional Information 


For more information about 

Refer to 

Creating a comma-separated 
ASCII file 

Your database application documentation 
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For more information about 

Refer to 

Creating and managing User 

Chapter 2, “Setting Up and Managing 

objects 

NetWare Directory Services Objects” 

Starting the import process 

“Creating User Objects with the 

UIMPORT Utility” in this chapter 

NetWare Directory Services 

“NetWare Directory Services” in 

Concepts, and Introduction to NetWare 
Directory Sendees 


Control Parameters Use the application control par ameters in Table 4-2 to 
create the “Import control"' section of the import control file. These can be 
changed by adding the control parameter in the data file. When doing so, add 
an exclamation point (!) before the control parameter in the data file. (See 
“Data File Edited to Update User Objects” in this chapter .) 

Table 4-1 UIMPORT Control Parameters 


Control Parameter 


Explanation 


Create home directory Note: If you don’t set this parameter to Y, you can still import Home 

Directory values through the control section of the import control file or 
through the data file. These values will be put into the object’s Home 
Directory property, but the directory on the file system will not be created. 

Allows you to create a home directory for User objects. 

If you create a home directory, users automatically receive filesystem rights 
to work in that directory. This option will not work unless you set the 
“Home directory path” and “Home directory volume” control parameters. 

(Also, this option will not work if you define a data field for “Home 
Directory,” because that field will override Create home directory.) 

For example, if you want the users you are importing to have a home 
directory, type CREATE HOME DIRECTORY=Y. 

The default setting is “N”, so if you don't want to create home directories, 
no parameter is needed. 
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Table 4-1 UIMPORT Control Parameters 


Control Parameter 


Explanation 


Delete Mailbox Dirs To delete the mailbox directories, type DELETE MAILBOX DIRS=Y. 

Allows you to delete the mailbox directories when moving a user’s 
mailbox from one messaging server to another or changing the mailbox ID 
of a user. 

The default is “N”; so if you don't want to delete the mailbox directories, 
no parameter is needed. 

Delete property There is no default for this property, so if you don’t want to delete 

properties, no parameter is needed. 

Volume restrictions. To delete volume restrictions, enter the volume name 
and a negative integer such as -1 for the restrictions. For example: VOL1:- 
1 

You cannot delete the following properties with the Delete property 
parameter: 

Allows you to delete values for a property of a User object. 

For example, to delete all titles from a User object’s Title property, type 
DELETE PROPERTY=#DEL, and then edit the data file by putting 
“#DEL” in the Title field. 

If you delete a group membership, you also delete the security equivalents 
for the group. 

Password. To delete the password, enter ““ (a null field) for the password 
field. 

Home directory. You can delete the Home directory property, but the home 
directory path will not be deleted by UIMPORT. You must go manually to 
this directory and delete it. 

For more information, see “Creating User Objects with the UIMPORT 
Utility” in this chapter. 
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Table 4-1 UIMPORT Control Parameters 


Control Parameter 


Explanation 


Home directory path If you create a home directory for User objects, you must specify a path in 
the file system where you want the directories to be created. This and the 
Home directory volume must be entered as a pair. If you specify a Home 
directory volume, the path will be assumed to be null unless this field is 
also specified. 

If you want home directories created in the Users directory, type HOME 
DIRECTORY PATH=”USERS”. Do not include the volume name in the 
path. 

Home directory volume For example, if the file specified in “Home directory path” is on volume 

SYS:, enter the Volume object’s complete DS name. For example: HOME 
DIRECTORY VOLUME=”SYS.STUDENT RECORDS.UNIVERSITY”. 

If you create a home directory for User objects, you must specify the name 
and context of the Volume object associated with the file system where the 
home directories are created. 

When creating users, the Home directory volume is set in the following 
order: 

1 Information in the data file. If the data file has a home directory 
specified, its value will be used. 

2 If there is no home directory specified in the data file, the home directory 
from the User Template object will be used. This happens regardless of 
whether or not you select to copy the user template properties when 
creating users. 

3 If the home directory is not found in the data file or the User Template, 
this control parameter (Home directory volume) will be used. 
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Table 4-1 UIMPORT Control Parameters 


Control Parameter 


Explanation 


Import mode Controls how the User objects will be created or updated. Options are C 

(create new objects only), U (update data for existing objects only), B (both 
create and update), and R (remove objects). 

The default is “B”, so if you want new objects to be created and existing 
users updated, no parameter is needed. 

Note: You can use the same import control file for adding and deleting 
users by just changing the Import mode to R (Remove objects). This can be 
especially useful if you have just created some users with incorrect 
information and need to restart the entire process. Change the Import mode 
to R, run UIMPORT to delete the users, then change the Import mode back 
to C or B and rerun UIMPORT. 

Maximum directory Initially this option is set to 5; but you should increase the number if you 
retries get the message “991: An error occurred in NWDSMapNameToID...” 

Allows you to specify how many times UIMPORT should attempt to get 
the object ID of the user you have just added in order to create home 
directories and mailbox directories. 

For example, type MAXIMUM DIRECTORY RETRIES=5. 

If NDS creates your user on one server’s replica and you create the home or 
mailbox directory on another server, the second server may not know about 
the user immediately. This option allows time for the network to catch up 
with the request to add the user on the other server. 

Name context Specifies the NDS context where user objects will be created. You should 

always use this parameter. 

For example, if you are in the Organization Development. ACME and you 
want to create user objects in a different Organizational Unit (Engineering), 
type NAME CONTEXT=.ENGINEERING.ACME. 

The default is your current context (the context displayed when you type 
CX from the command line). 
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Control Parameter 


Explanation 


Quote The default characters for delimiters are quotation marks (“ ”). If you don't 

have embedded quotation marks in fields in your database and you generate 
the data file with quote delimiters, no parameter is needed. 

Specifies the character used to delimit fields when exporting data to the 
data file. You might want to change the delimiter from quotation marks to 
different characters if your data has embedded quotation marks and you 
don't want to delete them. 

For example, if you have any embedded quotation marks in fields in your 
database, you could export data using carets ( A ) as the delimiter. You would 
enter QUOTE= A as the quote parameter. 

Replace value Allows you to overwrite or add data to multivalue properties. 

For example, to import new telephone numbers to User properties without 
saving the existing numbers, type REPLACE VALUE=Y. 

The default is “N,” so if you don’t want data to be added to multivalued 
properties, no parameter is needed. You do not need to set this parameter 
for single-value fields, because the new value automatically overwrites the 
existing value. 

Separator The default separator is a comma. If you have no embedded commas in 

fields in your database and you generate the data file with comma 
separators, no parameter is needed. 

If the fields in your database have embedded punctuation, (such as 
commas), you should not use the same punctuation as field separators when 
you export the data to the data file. If you do, UIMPORT won't be able to 
distinguish between new fields and embedded punctuation. Instead, use a 
different character as the separator. 

Specifies the character used to separate fields when exporting data to the 
data file. 

For example, if you have any embedded commas in fields in your database, 
you could export the data using a semicolon (;) as the field separator. You 
would enter SEPARATOR=; as a control parameter. 
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Control Parameter 


Explanation 


User template Specifies whether you want user template defaults to be applied to the User 

objects being created. (User template defaults are explained in “Managing 
User Templates” in chapter 2.) 

To apply template properties to User objects, type USER TEMPLATE=Y. 
Template properties are applied first, and then properties from the data file 
are imported. 

The default is “N”, so if you do not want the user template defaults applied 
to the new User objects, no parameter is needed. 

The following fields are copied from the user template: 

Account balance. Account has expiration date. Allow unlimited credit. 
Allow user to change password. City, Days between forced changes. 
Default server. Department, Description, Fax number. Foreign Email 
address. Foreign Email alias. Full name. Generational qualifier. Given 
name, Grace logins allowed. Group membership. Home directory. 
Language, Location, Login allowed time. Login script. Low balance limit. 
Mailbox location. Mailing label information. Maximum connections, 
Minimum password length. Network address restriction. Postal (ZIP) code. 
Postal office box. Profile, Remaining grace logins. Require a password, 
Require unique passwords. Security equal to. See also. State or province, 
Street address. Telephone, Title 


Field Definitions 

Use the applicable field definitions in the following table to create the import 
control file. 

A single-value property can contain only one entry (property). If you put 
more than one entry for a single-value property in the control file, only the 
last one is saved. 

A multiple-value property can contain more than one entry. If you want to 
replace existing values in existing users, make sure to set the Replace Value 
control parameter to Y. By default, all values are added to those already in 
the user object. 
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Property 

Property description 

Account balance 

Single-value property. In the data file, enter the beginning account balance 
for the user. If accounting is not turned on, this field has no use. 

Account disabled 

Single-value property. In the data file, enter Y if you want to disable this 
account. 

If you enter Y, you can’t modify Password or Login script. 

The default is N; so if you don't want the account disabled, no field is 
required. 

Account has expiration 

Single-value property. In the data file, enter the date in the form MM/DD/ 

date 

YY. It will expire at 12:01 a.m. on that date. 

Allow unlimited credit 

The default is N. 

Single-value property. In the data file, enter Y to allow unlimited credit. 

Enter N to not allow unlimited credit. If accounting is not turned on, this 
field has no use. 

Allow user to change 

Single-value property. If you don't want the user to be able to change his or 

password 

her password, enter N in the data file. The default is Y, so if you want to 
allow the user to change the password, no parameter is needed. 

City 

Single-value property. In the data file, enter the name of the city. 

Date password expires 

Single-value property. In the data file, enter the date the password expires 
in the form MM/DD/YY. It will expire at 12:01 am on that date. 

Days between forced 

Single-value property. In the data file, enter the number of days before 

changes 

requiring the user to change the password. 

The default is 40. 

The possible values for this field are numbers 1 through 365. Do not set this 
value to 0. 

Default server 

Single-value property. In the data file, enter the name of the server from 
which the user gets messages when they are sent with the SEND utility. 

In the data file, enter the NDS name of the server, including the context if 
the server is not in the same context as the user. 
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Property 

Property description 

Department 

Multivalue property. In the data file, enter the department name, code, 
number, or other type of information. 

Description 

This field is a string; all data from the opening to the closing quotation 
mark is considered part of the field. 

Single-value property. In the data file, enter any type of information about 
the user that you want to impoit. The field must be enclosed in quotation 
marks (or the delimiter defined in the control file) if it contains commas or 
new-line characters. 

Fax number 

Multiple-value property. In the data file, enter the fax number for each user 
you want to import. 

Foreign Email address 

Single-value property. In the data file, enter the foreign E-mail address of 
the user, which specifies a mailbox that resides in a foreign E-mail system. 
This information is used by NetWare MHS Services. 

The format for this value is Type:Value, where Type is the type of 
messaging protocol and Value is the user’s address (in the format required 
by the foreign E-mail system). 

For example, in your data file you could enter a field such as 

SMTP: Jjones@Acme.com. 

Foreign Email alias 

For example, an MHS user (a user whose mailbox is located on an MHS 
Messaging Server) can have an X.400 alias—with an X.400 native name— 
so that X.400 users can use this alias to send mail to the MHS user. 

Multiple-value property. In the data file, enter the foreign E-mail aliases of 
the user, which specify an object’s aliases as known in a foreign messaging 
system. This information is used by NetWare MHS Services™. 

The format for this value is Type:Value, where Type is the type of 
messaging protocol and Value is the user’s name (in the format required by 
the foreign 

E-mail system). 

For example, in your data file you could enter a field such as 
X400:g=joe;s=jones;ou=sales;o=acme;p=acmemd;a=att;c=us 
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Property 

Property description 

Full name 

Single-value property. In the data file, enter the user’s full name. 

For example: in your data file you could enter a field such as Roland D 
Bruns. 

Generational qualifier 

Single-value property. In the data file, enter the generational qualifier for 
the user’s name. Usually this is Jr., Sr., II or III. 

For example, if the user’s name is Bob Wilson III, enter III in the data file. 

Given name 

Single-value property. In the data file, enter the given name of the user. For 
example, for John Doe, enter John. 

Grace logins allowed 

Single-value property. In the data file, enter the number of grace logins 
allowed before the account is locked. 0 implies no limit. 

Group membership 

Multiple-value property. This field allows you to organize groups of users 
who need similar rights and access to network resources. In the data file, 
enter the names of the groups to which this user belongs. If the group 
object is in a different context from the user, enter the complete NDS name 
of the group, including its context. 

Home directory 

Single-value property. In the data file, enter the volume and path of the 
home directory in the following format: 

Volume Name:path 

If the volume is in a different context from the user, enter the complete 

NDS name. Separate the volume name and the path by a colon (:). Include 
the full path, including the final directory. 

For example, for user ABC1, create the home directory on Volume object 
VOL1. VOL1 is in the same context as the user: 

VOLl:USERS\ABCl 

This field in the data file will override the Home Directory field in the 
control section. 

Initials 

Single-value property. In the data file, enter the middle initial of the user. 

For John I. Doe, enter I here. 
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UIMPORT Field Definitions 

Property 

Property description 

Language 

Multiple-value property. In the data file, enter the language directories to be 
searched to find the message files for NetWare utilities for this user. 

If more than one language directory should be searched, enter multiple 
language fields. The order is important. The first entry is the first language 
directory to be searched, the second is the second language directory to be 
searched, etc. 

Last name 

Single-value property. In the data file, enter the user’s last name. A value is 
required for this field when you are creating new User objects. 

Location 

Multiple-value property. In the data file, enter any information about a 
user’s work, department, or division location. 

Login script 

The value of the login script is the name of a file containing the ASCII text 
for the login script. You can use the same file for all users or have a 
separate file for each user. In the data file, enter the path to the file as a DOS 
path. For example, 

C:\DIRl\MYLOGIN.SCR 

The maximum size of the login script is 16,384 bytes. If the file is larger 
than this, only the first 16,384 bytes are copied to the login script. 

Low balance limit 

Single-value property. If unlimited credit is not allowed, in the data file 
enter the lowest balance the user can have and still receive services that are 
chargeable. 

If accounting is not turned on, this field has no effect. Also, if Allow 
unlimited credit is set to Yes, this field has no effect. 

Mailbox ID 

Single-value property. This is a unique name that specifies the directory in 
which all the object’s inbound mail is placed. This information is used by 
NetWare MHS Services. 

In the data file, assign the user a mailbox ID using the user’s login name. If 
the user’s name has spaces in it or uses non-DOS characters, assign the user 
a mailbox ID using the user’s login name, but eliminate the spaces and 
other illegal characters to form a legal DOS name. 

If you do not assign a user a mailbox ID, UIMPORT does so automatically. 
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Property 


Property description 


Mailbox location Single-value property. In the data file, enter the name of the messaging 

server on which the user’s mailbox is located. If the messaging server is not 
in the same context as the user, enter the complete NDS name of the 
messaging server. 

For example, if the user’s mailbox is located on a messaging server named 
SERVMAN_MSG and the context of SERVMAN_MSG is 
Publications.ACME, enter SERVMAN_MSG.Publications.ACME. 

Mailing label Multiple-value property. This is a single property with up to six lines of 

information information. If you want a user’s entire address imported as a single 

property, use Mailing label information for each field that contains a part of 
the address. The first field will be the first line of the postal address, the 
second field will be the second line, etc. 

If you are going to define only four lines of the postal address in the data 
file, you need to include only four Mailing label information fields. Each 
line of the postal address in the data file must be a separate data string (that 
is, separated by a comma or other separator). 

To import four lines of the postal address, you would type the following in 
the Fields section in the Control file: 

Fields 

... (other fields) 

Mailing label information 
Mailing label information 
Mailing label information 
...(other fields) 

In the data file, you might enter a line similar to the following: 

...,”1234 Any Street”,”Torrance”,”CA”,”98550”,... 

You can use the Mailing label information field in place of Postal code, 
Post office box. State or province, and City. 


Maximum connections 

Single-value property. In the data file, enter the number of workstations the 
user can login from. For no limit, enter 0. 

Minimum password 
length 

Single-value property. In the data file, enter the minimum password length. 
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Property 

Property description 

Name 

Single-value property. A value is required for this field. In the data file, 
enter any unique username. For example, you can use a student or 
employee identification number as the login name. This field is the user’s 
login name in NDS. 

Other names 

Multiple-value property. For example, if a user has two additional names 
that you want to import, enter both of them in the data file and enter two 
field definitions in the import control file called “Other names.” 

Password 

Single-value property. In the data file, enter a unique password for the user. 
Numbers, letters, and special characters may be used. 

Post office box 

Single-value property. In the data file, enter the user’s post office box. 

Postal (ZIP) code 

Single-value property. Enter in the data file the five- or ten-digit ZIP code. 
(84111 or 84111-1111). For a Canadian address, this is the postal code. 

Profile 

Single-value property. In the data file, enter the name of the profile object 
to which this user belongs. This must include the complete NDS name of 
the Profile object if the profile is in a different context than the user. 

Remaining grace logins 

Single-value property. Normally this field is not imported. This is the 
number of grace logins still remaining. It is set to the same value as in 
“Grace logins allowed.” If you want this number to be different from the 
“Grace logins allowed” number, you must use the modify option in 
UIMPORT. 


For those users whose Remaining grace logins should be the same as the 
Limit grace logins, either don’t import this field or set it to the same 
number you entered for Limit grace logins. 

Require a password 

Single-value property. In the data file, type “Y” if a password is required. If 
no password is required for this user, type “N.” 

Require unique 
passwords 

Single-value property. If unique passwords are required, type “Y” in the 
data file. If unique passwords are not required (in other words the user can 
reuse passwords), type “N.” 

Security equal to 

Multiple-value property. In the data file, enter the name of the objects to 
which this user is security equivalent. This name must include the complete 
NDS name of the object if the object is in a different context than the user. 
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UIMPORT Field Definitions 

Property 

Property description 

See also 

Multiple-value property. Enter in the data file any other related objects. 

Enter the complete NDS name of the object if it is not in the same context 
as the User object. 

Skip 

This is a unique processing option for UIMPORT. The values in the data 
file that correspond to Skip fields are ignored by UIMPORT. 

For example, if you exported into the data file users’ birthdays and you do 
not want this information imported into NDS, enter “Skip” as the field 
definition. So if you export data that you don’t want to import, rather than 
re-exporting the entire data file, you can simply specify “Skip” for the 
column that contains the information. 


Suppose you export to the data file a work and a home phone number, but 
you don’t want to import the home phone number. Your data file may have 
a string like this: 

.. „”801-555-4141”,”801-555-8677”„.. 


Your import control file would correspond like this: 

Fields 


Telephone 

Skip 


The 801-555-8677 field in the data file is ignored. 


State or province 

Single-value property. In the data file, enter the State or province of the 

user. 

Telephone 

Multiple-value property. For example, if a user has three telephone 
numbers that you want to import, enter in the data file each of the three 
numbers. In the control file, you would need three “Telephone” field 
entries. 

Title 

Multiple-value property. In the data file, enter the user’s title. 
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Property 

Property description 

Volume restrictions 

Single-value property. In the data file, enter the name of the Volume object 
and the space restrictions on that volume in the following format: 

Volume object name:Restriction amount 

To remove volume restrictions, enter -1 (or any other negative number) for 
the restriction amount. 


UIMPORT Field Name Changes 

UIMPORT data field names have changed in NetWare 4.1. Field names used 
in NetWare Services are listed in the left column of the following table and 
new NetWare 4.1 names are listed in the right column. 


NetWare Services UIMPORT 

4.1 UIMPORT 

Field Name 

Field Name 

Facsimile telephone number 

FAX number 

Login disabled 

Account disabled 

Login expiration time 

Account has expiration date 

Login grace limit 

Grace logins allowed 

Login maximum simultaneous 

Maximum connections 

Minimum account balance 

Low balance limit 

Password allow change 

Allow user to change password 

Password expiration interval 

Days between forced changes 

Password expiration time 

Date password expires 

Password minimum length 

Minimum password length 

Password required 

Require a password 

Password unique required 

Require a unique password 

Postal address 

Mailing label information 
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NetWare Services UIMPORT 

4.1 UIMPORT 

Field Name 

Field Name 

Security equals 

Security equal to 

Telephone number 

Telephone 

New field 

Foreign Email address 

New field 

Foreign Email alias 

New field 

Full name 

New field 

Generational qualifier 

New field 

Initials 

New field 

Mailbox ID 

New field 

Mailbox location 


Examples of Files Used by UIMPORT 

The following examples are based on records taken from a database sample 
that uses these fields: 

Last name: 

First name: 

Middle initial: 

Local address 

Street: 

City: 

State or province: 

Zip code: 

Student number: 

Year: 

Major: 
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Cumulative grade point average: 

Department: 

Data File Created from Exported Database Fields 

When you export your database records to a comma-separated ASCII file, 
the records appear in the data file as shown here: 

“Jones”,“Adam”,“J”,“lll South 8th East”,“Salt Lake 
City”,“Utah”,“84007”,“2345”,“Sophomore”,“Environmental 
Engineering”,“2.8”,“Engineering Sciences” 

“Smith”,“John”,“D”,“222 North Cerillos”,“Los 

Angeles”,“California”,“96000”,“2875”,“Senior”,“Accounting”, 

“3.0”,“Business Administration” 

Corresponding Import Control File 

Using the data file as a guide, you could set up the import control file to 
import the data file fields as shown here. This example assumes that you are 
creating new users in the NDS database: 

Import control 

Name context=.administration.student_accts 
User template=y 
Create home directory=y 
Home directory path=”Students/Home” 

Home directory volume^”. SYS VOL. Student Records” 

Fields 

Last name 
Given name 
Middle initial 
Mailing label information 
Mailing label information 
Mailing label information 
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Mailing label information 

Name 

Skip 

Skip 

Skip 

Department 

Note how the Name field corresponds to a student ID number. When the ID 
number is imported into NDS, it will become the user’s login name—which 
is the User object name. 

An alternative to managing numbers is to create a field of unique login 
names in your data file. 

Data File Edited to Update User Objects 

Suppose that later you wanted to update User object information and add 
properties that were not imported when the users were created. 

For example, if you wanted to delete values from the “Middle initial” field, 
import new values from the “Year,” “Major,” and “Grade point average” 
fields, and change the separator used for all user information after Adam 
Jones, you would edit the data file as shown here: 

“Jones”,“Adam”,“#DEL”,“lll South 8th East”,“Salt Lake 
City”,“Utah”,“84007”,“2345”,“Sophomore”,“Environmental 
Engineering”,“2.8”,“Engineering Sciences” 

! Separator-/ 

“Smith”/“John”/“#DEL”/“222 North Cerillos”/“Los Angeles”/“California”/ 
“96000”/“2875”/“Senior’7“Accounting’7“3.0”/“Business Administration” 

NOTE: Import control parameters are initially set in the control file, but can be included in 

the data file. If you include control parameters in the data file, each parameter should 
be preceded by an exclamation point (!). 


For example, to place the users in the Engineering.Acme context, and to 
change the separator to a semicolon (;), you would add the following lines to 
the data file: 
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!Name contexts ENGINEERING. ACME. 

!Separator=; 

Corresponding Changes to the Import Control File 

After editing the data file, you must change the import control file to reflect 
the changes you made. 

In the following example, the “delete property” and “replace value” control 
parameters have been added to delete the marked properties and specify that 
you want properties in both single- and multiple-value fields to be replaced 
by new properties. Fields marked “Skip” are replaced by “See also,” so the 
properties are imported to the “See also” field for the users. 

Import control 

Name context=. administration. student_accts 
User template=y 
Create home directory=y 
Home directory path=students/home 
Home directory volume=. SYS VOL. Student Records 
Delete property=#DEL 
Replace value=y 
Fields 

Last name 
Given name 
Middle initial 
Postal address 
Postal address 
Postal address 
Postal address 
Name 
See also 
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See also 
See also 
Department 

Creating User Objects with the UIMPORT Utility 
Prerequisites 

• A workstation logged in to the network, running DOS 3.30 or above and using 
NetWare 4.1 client software 

• A minimum of 512 KB of memory available on the workstation 

• The Create or Supervisor object right to the container object where the User 
objects will be created 

• The Create or Supervisor file system right to the directory where user home 
directories will be created (if applicable) 

Procedure 

1 Generate a data file within your database application. 

For general instructions, see “Generating the Data File” in this chapter. For 
specific instructions, see the documentation accompanying your application. 

2 Create an import control file. 

If you have enough disk space, save this file in the same directory in which you 
saved the data file. Otherwise, you will need to specify the path to both the data 
file and the import control file when you run UIMPORT. 

3 Run UIMPORT from the directory in which you saved the data file and the 
import control file. 

At the DOS command line, type 

UIMPORT [control_file] [data_file] [/C] <Enter> 

Replace control_file with the name of the import control file you created. 
Replace data_file with the name of the data file you generated from your 
database application. Use /C to run UIMPORT with continuous output. 

If you do not run UIMPORT from a directory that contains both the import 
control file and the data file, you must specify the path to each file. 

Importing hundreds or thousands of users may take several hours. Therefore, 
you might want to run UIMPORT at night. 
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NOTE: 


4 (Optional) Route import errors to a file. 

If errors occur during the import process, messages appear on your workstation 
screen. If you want the messages sent to a file, add the DOS “>filename” option 
to the command. 

For example, to route the messages to a file called UIMPORT.LOG in your 
home directory, use a command similar to the following: 

UIMPORT [control_file] [data_file] 

>HOME\PAUL\UIMPORT.LOG <Enter> 

When importing large groups of users, the performance of your server might begin 
to slow down. The reduction in performance is related to the amount of disk space 
available for NDS and TTS to use with UIMPORT’s numerous transactions and is 
also related to the size of UIMPORT batches and the amount of available server 
memory. Procedure 

If you will be importing large groups of users or experience decreased server 
performance while running UIMPORT, you can add server memory, process smaller 
batches of users, or process UIMPORT batches during periods of low server 
utilization. 

Additional Information 


For more information about 

Refer to 

Control parameters 

Table 4-1 

Creating import files 

“Repairing the NetWare Directory 
Database” in this chapter. 

Field definitions 

Table 4-2 
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Repairing the NetWare Directory Database 

The Directory Services Repair (dsrepair) utility is provided with NetWare 4 
software to repair problems with NetWare Directory Services on a single¬ 
server basis. It does not correct problems on servers from a single, 
centralized location. It must be run on each server on which you want to 
correct Directory database errors. 

Directory Services Repair Overview 

The Directory Services Repair utility allows you to maintain and repair the 
local NetWare Directory database of a tree. This utility performs the 
following operations: 

• Repairs the local database 

You are provided with tools to repair replicas, replica rings, and Server objects. 
You can also view the purge time of each replica to ensure that data in each 
replica is the same. 

• Analyzes each server in each local partition for synchronization errors 

You can view errors and list the partition name, server name, synchronization 
time, and error code for each error. 

• Writes replica information to a log file 

The log file contains detailed information about local partitions and servers. This 
information helps you diagnose damage to the database. 

• Creates a dump file of a damaged database 

The dump file is saved in a compressed format. You can use Directory Services 
Repair to diagnose and repair the damaged database. 

• Checks the remote server ID list 

You can access a list of the identification numbers for remote servers. You can 
use this list to verify the identification numbers of remote servers and modify the 
numbers if you need to. 

• Searches for local database objects 

A browser allows you to locate and synchronize objects in the local database. 
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Some NDS database problems are not fatal and NDS continues to operate. 
But if the database becomes corrupted, you get a message on the console 
that the server could not open the local database. In this case, run Directory 
Services Repair or re-install the NDS database to fix the problem so that the 
database can be opened. 

The Directory Services Repair utility affects only the parts of the database 
that are stored on the server where you run it. To fix the entire database, you 
must run the utility on each server that contains a part of the database. 

The Directory Services Repair utility changes inconsistent objects to 
Unknown objects when they do not have mandatory properties or are invalid 
in other respects (for example, their properties do not meet minimum 
requirements for an object type). Unknown objects can be deleted but cannot 
be changed back to their original object type. 

In NetWare 4.1, Unknown objects are represented by question mark icons in 
NetWare Administrator. 

Directory Services Repair Options 

After you have installed NetWare Services and loaded Directory Services 
Repair, you can use the following options at the server console: 


Option 

Use to 

Unattended Full 
Repair 

Automatically perform all possible repair operations to 
the Directory database that do not require operator 
assistance. 

Time 

Synchronization 

Contact all servers within this server’s local database to 
request information about NDS and time synchronization. 


If a replica of the root partition is contained on this server, 
then all servers in the Directory tree are contacted. 

Report 

Synchronization 

Determine the status of synchronization for every replica 
in the replica table for the Directory tree. 

Status 

The status of synchronization informs you of the current 
condition of the Directory tree. 
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Option 

Use to 

View/Edit Repair 
Log File 

Track all operations of the Directory Services Repair 
utility to a single file. The default log file is 
SYS:SYSTEM\DS Repair.LOG. 


You can configure options for the log file by accessing 
“Log File And Login Configuration” in the “Advanced 
Options” menu. 

Advanced 

Options Menu 

The “Advanced Options” menu allows you to manually 
perform individual or global repair operations on the 
Directory tree. You can also access diagnostic information 
about the Directory tree database to analyze the status of 
the tree. 


See “Using the Advanced Options” in this chapter for 
more information. 


Running an Unattended Full Repair 

Use this procedure to perform an automatic repair of the Directory database. 
Any operation requiring an operator’s assistance, such as managing partition 
replicas or editing remote server ID numbers, is not performed. 

If you want to manually repair the Directory database, use options available 
in the “Advanced Options” menu. See “Usi ng the Advanced Options” on in 
this chapter for more information. 

Prerequisites 

• Access to the server console. 

• All servers in a tree using the same time source 

• Administer NetWare Server permission for NetWare 4.1/9000. 

Procedure 

1 Run the dsrepair utility. 

The “Directory Services Repair” window appears. 
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Directory Services Repair 

2 Choose “Unattended full repair.” 

A window is available to allow you to observe the repairs in process. 

Following the automatic repair, a message window appears that informs you of 
the repair status, the total number of errors corrected, and the amount of time 
used to complete the repair operation. 

3 Press <Enter> to display the error log file. 

The error log is displayed within a full-screen text editor. You can annotate or 
modify the Directory Services Repair log if you want to. 


Checking Time Synchronization (Directory Services Repair) 

Use this procedure on the server before or after performing a repair. It allows 
you to contact all servers within this server’s local database to request 
information about NDS and time synchronization. 

If a replica of the root partition is contained on this server, then all servers in 
the Directory tree are contacted. 

Time synchronization is very important to NetWare Directory Services. All 
servers in a tree must be synchronized to the same time source. If they are 
not, collision will occur when objects in replicas are synchronized. 
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Prerequisites 

• Access to the server console 

• All servers in a Directory tree using the same time source 

• Administer NetWare Server permission in NetWare 4.1/9000 

Procedure 

1 Run the dsrepair utility. 

2 Choose “Time synchronization.” 

A window is available to allow you to observe the operations in process. 

Following the operation, the Directory Services Repair log is displayed within a 
full-screen text editor. You can annotate or modify the Directory Services Repair 
log if you want to. 

The Directory Services Repair log contains the following fields: 


Field 

Indicates 

Server Name 

All the server names known to the local Directory database. 

If this server contains a replica of the root partition, then 
this list contains all the servers in the tree. 

Version 

The version of NDS mnning on the server. 

Replica Depth 

The replica depth field reports “-1” if no replicas are stored 
on the server or “0” if the server contains a replica of the 
root partition. A positive integer indicates how many 
objects down from the root the first replica is on that server. 

Time Source 

The time server type. This information helps you determine 
whether time synchronization for all the trees in the server 
is configured properly. 

All servers in a tree must be using the same time source. 

For example, if there are two Single time servers, you know 
that all servers in the tree cannot be polling the same time 
source and there is a configuration problem. 

Time in Sync 

The local time synchronization status on the server. The 
status should be Yes. If it is No, then the server is not able to 
contact its time source. 
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Field 


Indicates 


Time +/- The difference in time between the local server and the 

selected server in the list. All servers should be within one 
second of each other; if they are not, they have not been 
configured properly. 

This field reports up to 999 minutes and 59 seconds 
(approximately 16 hours and 30 minutes) in the form 
minutes:seconds. If the time difference is greater than 16 
hours and 30 minutes, then the maximum value is displayed 
as -999:59. 

A difference in time of more than a few minutes can 
indicate that the servers are using different time-source 
servers. 


Viewing Synchronization Status 

Use this procedure on the server to get a report of the synchronization of 
partitions and replicas for the Directory tree. 

Prerequisite 

• Access to the server console 

Procedure 

1 Run the dsrepair utility. 

2 Choose “Report synchronization status.” 

The “Collecting Replica Synchronization And Server Status” screen appears. A 
window is available to allow you to observe the operations in process. 

Following this operation, the Directory Services Repair log is displayed within a 
full text editor. You can annotate or modify the Directory Services Repair log if 
you want to. This file contains information about your partitions and replicas. 


Viewing and Editing the Repair Log File 

Use this procedure on the server to view and edit repair information on 
partitions and replicas for the local Directory tree. 
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The default log file is SYS:SYSTEM\DSREPAIR.LOG. You can change the 
filename with the “Log File and Login Configuration” option in the 
“Advanced Options” menu. See “Using the Advanced Options” in this 
chapter for more information. 

Prerequisites 

• Access to NetWare 4.1/9000 

• Administer NetWare Server permission to NetWare 4.1 

Procedure 

1 Run the dsrepair utility. 

2 Choose “View/edit repair file log.” 

Using the Advanced Options 

Use this procedure to access the “Advanced Options” for manual repair of 
the Directory database. 

If you want the Directory database to be repaired automatically, use the 
options available from the “Unattended Full Repair” option in the main 
menu. See “Running an Unattended Full Repair” in this chapter for more 
information. 

Prerequisites 

• Access to NetWare 4.1/9000 

• Administer NetWare Server permission to NetWare 4.1/9000 

Procedure 

1 Run the dsrepair command. 

2 Choose “Advanced options menu.” 

The “Advanced Options” menu appears. 

3 From the menu, select the repair operation you want to perform. 

The “Advanced Options” menu includes the following options: 

Log file and login configuration 
Repair local DS database 
Servers known to this database 
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View remote server ID list 
Replica and partition operations 
Check external references 
Security equivalence synchronization 
Global schema update 
View/Edit repair log file 
Create a database dump file 
Return to main menu 


Refer to the online help in Directory Services Repair for more information 
and instructions on how to use these options in the Directory Services Repair 
utility. 

Additional Information 


For more information about 

Refer to 

Directory Services database 

“NetWare Directory Services” in 

Concepts 

Using Directory Services 
Repair 

“DS Repair” in Utilities Reference 
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Merging NDS Trees 

NetWare Services does not support DSMERGE. For information on how to 
merge two trees, see your native NetWare documentation and software. 
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Viewing and Managing NDS Synchronization Status 

This section explains the NDS Trace feature that you can use from the server 
console. You should use this feature to do the following: 

• Determine whether NDS synchronization processes are complete. 

• Diagnose NDS errors. These errors may appear when you are manipulating NDS 
objects with the administration utilities. 

You can identify NDS-related system messages by their numbering: -601 
through -699 and F966 through F9FE. 

NOTE: As with all NetWare system messages, an NDS system message does not necessarily 

indicate an error condition, but may simply indicate general NDS status. For more 
information, see the specific message in System Messages. 


Prerequisite 

• Access to a “Terminal” window 

Procedure 

1 Turn on the NDS Trace screen by typing the following at the server: 

dsadmin -d on 

The messages are displayed to the console. Two types of messages are 
particularly important: 

• “All processed = YES” indicates that all pending NDS synchronization 
actions have been processed. 

• Messages numbered -601 through -699 and F966 through F9FE indicate 
NDS status or errors. For explanations and suggested actions, see System 
Messages. 

dsadmin -d on 

dsadmin -f on 

By default, the messages are copied to the file DSTRACE.DBG in the 
SYS:SYSTEM directory when you execute both commands. 

Copying NDS Trace messages to a file may be helpful if you need to ask 
someone else for diagnostic help. You must activiate dsadmin -d on prior to 
executing dsadmin -f on. 
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2 To disable tracing, type 

dsadmin -d off 
dsadmin -f off 

Additional Information 


For more information about 

Refer to 

NDS Trace options 

dsadmin utility in the Utilities Reference 

NDS system messages 

System Messages 
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Introduction 

This chapter provides steps on how to create login scripts to customize 
NetWare® users’ workstations and includes the following: 

• How to create, modify, copy, and print a login script 

• Common login script commands 

• Sample login scripts 
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About Login Scripts 

You can use login scripts to automatically set up your users’ workstation 
environments whenever they log in to the network. Login scripts are si mi lar 
to configurable batch files and are executed by the LOGIN utility. You can 
use login scripts to 

• Map drives and search drives to directories. 

• Display messages. 

• Set environment variables. 

• Execute programs or menus. 

Login scripts work the same way for DOS and Windows workstations. 

Types of Login Scripts 

When a user logs in. the LOGIN utility executes the appropriate login 
scripts. Four types of login scripts are available, and they can be used 
separately or together to tailor a custom environment for your users. All four 
types of login scripts are optional. They are described here in the order they 
are executed: 

• A container login script sets the general environments for all users in that 
container. The LOGIN utility executes container login scripts first. A user can use 
only one container login script. 

NOTE: The container login script replaces the system login script that was in NetWare 3™. 

• A profile login script sets environments for several users at the same time. The 
LOGIN utility executes a profile login script after the container login script. 

A user can be assigned only one profile login script, but can specify other profile 
login scripts on the command line. Several users can use the same profile login 
script. 

• A user login script sets environments specific to a single user, such as printing 
options or a username for electronic mail. 
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The LOGIN utility executes the user login script after any container and profile 
login scripts have executed. A user can have only one user login script. 

• The default login script is precoded into the LOGIN.EXE command and is not 
editable. It executes if a user doesn't have his or her own user login script, even 
if a container or profile login script exists. 

The default login script is executed for all users (including user ADMIN) unless 
you create a user login script. The default login script contains only essential 
commands, such as drive mappings to the NetWare utilities. 

To see the commands in the default login script, see “Default Login Script’’ in 
this chapter. 

If you do not want to create any user login scripts and you don’t want the 
default login script to execute for any users, you can disable the default login 
script by including the NO_DEFAULT command in the container or profile 
login script. 

To use the login script from an Organization, Organizational Unit, or Profile 
object, users must have the Browse right to the object and the Read right to 
the object’s Login Script property. 


NOTE: For more information on Browse or Read rights for a file, object, or property, see 

“Browsing” and “Rights” in Concepts. 


Deciding Which Login Scripts to Create 

Maintaining many user login scripts can be time consuming. Therefore, you 

should try to include as much customizing information as possible in the 

container and profile login scripts. 

Here are some suggestions: 

• If all users need access to the NetWare utilities in the same volume, for example, 
put the search drive mapping to that volume in a single container login script 
rather than in every user login script. 

• Create profile login scripts if there are several users with identical login script 
needs. 

• In user login scripts, include only those items that cannot be included in profile 
or container login scripts. 
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Table 5-1 


Figure 5-1 


Since up to three login scripts can execute whenever a user logs in, conflicts 
can occur. If this happens, the last login script to execute (usually the user 
login script) overrides any conflicting commands in a previous login script. 

Login scripts are properties of objects. Table 5-1 shows which objects can 
contain which login scripts. 


Objects that Contain Login Scripts 


Object 

Type of Login Script 

Organization 

Container 

Organizational Unit 

Container 

Profile 

Profile 

User 

User 


Figure 5-1 shows where the different types of login scripts can reside in a 
Directory bee. 


Where Login Scripts Are Located 
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In the previous figure, there are three users: ESAYERS, SWILLIAMS, and 
MRICHARD. The following table shows which login scripts execute when 
each of these users logs in. 


When this user logs in 

Login scripts execute in this order 

ESAYERS 

1 

Sales_PV’s container login 
script 


2 

ESAYERS’ user login script 

SWILLIAMS 

1 

Sales _PV’s container login 
script 


2 

Default login script 

MRICHARD 

1 

Accounting’s container login 
script 


2 

CLERKS’ profile login script 


3 

MRICHARD’s user login script 


Container login scripts only affect users in the Organization or 
Organizational Unit that contains the login script. 

For example, in Figure 5-1, although there are two levels of container 
objects above users ESAYERS and SWILLIAMS, only the container login 
script for the container they are in (OU=SALES_PV) executes. 

If the SALES_PV Organizational Unit had no container login script defined, 
no container login script would execute for ESAYERS and SWILLIAMS, 
even though a container login script exists at a higher level. 

Because user SWILLIAMS has no user login script defined, the default 
login script executes after the container login script. 

Since user MRICHARD belongs to the profile CLERKS, the CLERKS 
profile login script executes before MRICHARD’s user login script. Users 
can be assigned to only one Profile object, but other profile login scripts can 
be specified at the command line, for example, 

LOGIN username /p profile_object 
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You can, however, assign users to more than one Group object. Then use the 
MEMBER OF “group” identifier variable to specify that different parts of a 
login script execute, depending on the Group objects to which the user 
belongs. 

For more information about using the MEMBER OF “group” identifier 
variable in login scripts, see “IF.. .THEN” and “Identifier Variables” in this 
chapter. 
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Creating, Modifying, Copying, and Printing Login 
Scripts 

To create or modify login scripts and to copy one object’s login script into 
another’s, you can use either NetWare Administrator or NETADMIN. Both 
procedures are described in this section. 

If you are logged in to a server running NetWare 2 or NetWare 3 and that 
server is in a Directory tree, do not create or edit a login script using the 
SYSCON utility. If you do, the changes to that login script will not appeal - in 
your NetWare Directory Services login script. 

The reason is that your NetWare Directory Services login script is a property 
of your User object, while your bindery-based login script is a file in your 
MAIL directory. 

The main difference in creating container, profile, and user login scripts is 
the object you select to contain the login scripts: 

• Container login scripts are assigned to container objects (Organization or 
Organizational Unit objects). 

• Profile login scripts are assigned to Profile objects. For a User object to use a 
profile login script, you must select that User object and assign it to the Profile. 

• User login scripts are assigned to User objects. 

All types of login scripts use the same conventions, commands, and 
variables. 

Hints for Planning Login Scripts 

The following hints can help you plan effective login scripts. For a 
description of the commands you can use in a login script, see “Login Script 
Commands and Variables” in this chapter. 

For login script examples, see “Examples of Login Scripts” in this chapter. 
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Table 5-2 Login Script Conventions 


Subject 

Convention 

Minimum login script 

No minimum. All four types of login scripts are optional. Login scripts 
can have only one line or they can have many. There are no required 
commands for login scripts. 

Case 

Either uppercase or lowercase is accepted, except that identifier 
variables enclosed in quotation marks and preceded by a percent sign 
(%) must be uppercase. See “Identifier Variables” in this chapter. 

Characters per line 

150 characters per line is maximum; 78 characters per line (common 
screen width) is recommended for readability. 

Punctuation and symbols 

Type all symbols (#, %, _ ) and punctuation exactly as shown in 

examples and syntax. 

Commands per line 

Use only one command per line. Start each command on a new line; 
press <Enter> to end each command and start a new command. 

Lines that wrap automatically are considered one command. 

The WRITE command output displays better if WRITE is repeated at 
the beginning of each wrapped line. 

Sequence of commands 

Generally, enter commands in the order you want them to execute, with 

the following restrictions: 

• ATTACH commands must precede related MAP commands to avoid 
prompting the user for a username/password during login. 

• If you use “#” to execute an external program, this command must 
follow any necessary MAP commands. 

• If sequence is not important, you should group similar commands, 
such as MAP and WRITE commands, together to make the login 
script easier to read. 

Blank lines 

Blank lines don't affect login script execution. Use them to visually 
separate groups of commands. 

Remarks (REMARK, 

Lines beginning with REMARK, REM, an asterisk, or a semicolon are 

REM, asterisks, and 

comments that do not display when the login script executes. Use 

semicolons) 

remarks to record the purpose of each command or group of commands. 
(For examples, see “REMARK” in this chapter). 
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Table 5-2 Login Script Conventions 


Subject 

Convention 

Identifier variables 

Type identifier variables exactly as shown. For the value of an identifier 
variable to be displayed on the workstation’s screen as part of a WRITE 
command, you must enclose the identifier in quotation marks and 
precede it by a percent sign (%). See “Identifier Variables” in this 
chapter. 


Creating or Modifying a Login Script Using NetWare 
Administrator 

Use the following instructions to create any of the three user-created types of 
login scripts (container, profile, or user). 

Prerequisites 

• A 386 or later workstation and NetWare Administrator 

• The Write property to the object that will contain the login script 

• The object to which you are going to assign the login script must already exist 
(Organization, Organizational Unit, Profile, or User Object) 

Procedure 

1 From the Windows Program Manager, click on the “NetWare Administrator” 
icon. 

2 Using the browser, select the object whose login script you are creating or 
modifying. 

For information about moving around in the browser and selecting objects, 
choose “flelp” from the menu bar. 

3 From the “Object” menu, choose “Details.” 

4 Choose the “Login Script” page. 

5 Enter the login script commands and information into the login script text box. 

For a description of all login script commands, see “Login Script Commands 
and Variables” in this chapter. For login script examples, see “Examples of 
Login Scripts” in this chapter. 

6 Choose “OK” to save the login script and close the “Details” dialog box. 
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If the login script you created was a container or user login script, you are 
finished. 

If the login script you created was for a Profile object, continue with Step 7. 

7 (Profile login scripts only) Using the browser, select the User object that needs to 
use the profile login script. 

8 From the “Object” menu, choose “Details.” 

9 Choose the “Login Script” page. 

10 Enter the name of the Profile object in the “Default Profile” field located under 
the login script text box. 

You can type in the complete name of the Profile object, or you can choose the 
browser button next to the “Default Profile” field to select the Profile object. 

11 To save the Profile object name and close the “Details” dialog box, choose “OK.” 
Now you must add the User object as a trustee of the Profile object. 

12 Using the browser, select the Profile object. 

13 From the “Object” menu, choose “Trustees of This Object.” 

14 Choose “Add Trustee.” 

15 Enter the name of the User object who is using this Profile object. 

You can type in the complete name of the User object, or you can choose the 
browser button to select the Profile object. 

16 Make sure the Browse object right and the Read property right are checked and 
then choose “OK” to assign these rights to the User object. 

The User object is now a trustee of the Profile object and has the rights necessary 
to run the profile login script. 


Additional Information 


For more information about 

Refer to 

Creating a Profile object 

“Managing Profile Objects” in this chapter 

Examples of login scripts 

“Examples of Login Scripts” in this chapter 

Login script commands and 
variables 

“Login Script Commands and Variables” in 
this chapter 
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Using NetWare Administrator “NetWare Administrator” in Utilities 

Reference 


Creating or Modifying a Login Script Using NETADMIN 

Use the following instructions to create any of the three user-created types of 
login script (container, profile, or user). 

Prerequisites 

• A workstation running DOS 3.30 or later and NETADMIN 

• The Write property to the object that will contain the login script 

• The object to which you are going to assign the login script must already exist 
(Organization, Organizational Unit, Profile, or User Object) 

Procedure 

1 At the DOS Prompt, type 

NETADMIN <Enter> 

2 From the “NetAdmin Options” menu, choose “Manage Objects.” 

3 Select the object whose login script you want to create. 

• If the object you want appears in the list, select it and press <F10>. 

• If the object is not in the list, browse the directory by selecting container 
objects and pressing <Enter> until you see the object you want. Select it and 
press <F10>. 

4 Select “View or Edit Properties of This Object.” 

5 Select “Login Script.” 

If you are editing an existing login script that already contains some commands, 
continue with Step 3. 

If this login script is empty, a message appears asking if you want to copy a 
login script from another object. 

a If you do not want to copy the login script from another object, answer “No” 
and continue with Step 3. 

b To copy a login script from another object, answer “Yes” and select the name 
of the object whose script you want to copy. Then continue with Step 3. 
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6 Enter the login script commands and information in the login script text box. 

For a description of all login script commands, see “Login Script Commands 
and Variables” in this chapter. For login script examples, see “Examples of 
Login Scripts” in this chapter. 

7 To save the login script, press <F10>. 

If the login script you created was a container or a user login script, you are 
finished. 

If the login script you created was for a Profile object, continue with Step 5. 

8 (Profile login scripts only) Press <Esc> repeatedly until you return to the 
browser. 

9 Select the User object that needs to use the profile login script. 

You can either type the object’s complete name and press <F10> or press 
<Insert> to browse through the Directory tree and choose the name. 

10 Select “View or Edit Properties of This Object.” 

11 Select “Memberships.” 

12 Select the “Profile” field and press <Insert>. 

13 Enter the name of the Profile object in the box that appears. 

You can either type the object’s complete name and press <F10> or press 
<Insert> to browse through the Directory tree and select the name. 

14 Press <F10> to save the changes. 

Now you must add the User object as a trustee of the Profile object. 

15 Return to the “Manage Objects” menu. 

16 Through the browser, select the Profile object. 

Press <Insert> to browse through the Directory tree and choose the name. 

17 Select “View or Edit the Trustees of This Object.” 

18 Select “Trustees.” 

19 To add the User object as a trustee of this Profile object, press <Insert>. 

20 Enter the name of the User object that needs to be a trustee of this Profile object. 

You can either type the object’s complete name and press <F10> or press 
<Insert> to browse through the Directory tree and choose the name. 

21 Select “All Properties Rights.” 
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22 To add the user as a trustee and grant the default property right, press <Enter>. 

The User object is added as a trustee of the Profile object and is given the Read 
right to all of the Profile's properties. 

Now you must assign the Browse object right to the User object. 

23 Enter the name of the User object. 

You can either type the object’s complete name and press <F10> or press 
<Insert> to browse through the Directory tree and choose the name. 

24 Choose “Object Right.” 

25 To grant the default object right, press <Enter>. 

The User object is given the Browse object right. The User object now has all 
rights necessary to use the Profile object’s login script. 

26 To exit NETADMIN, press <Esc> until you get to the confirmation prompt and 
select “Yes.” 


Additional Information 


For more information about 

Refer to 

Creating a Profile object 

“Managing Profile Objects” in this 
chapter 

Examples of login scripts 

“Examples of Login Scripts” in this 
chapter 

Login script commands and 

“Login Script Commands and Variables” 

variables 

in this chapter 

Using NETADMIN 

“NETADMIN” in Utilities Reference 


Copying a Login Script Using NetWare Administrator 

Use the following instructions to copy all or part of a login script and paste it 
into another object’s login script. 
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Prerequisities 

• A 386 or later workstation and NetWare Administrator 

• The Write property to the object that will contain the login script 

• The object whose login script you will be working with must already exist 
(Organization, Organizational Unit, Profile, or User Object) 

Procedure 

1 From the Windows Program Manager, click on the “NetWare Administrator” 
icon. 

2 Using the browser, select the object whose login script you want to copy. 

For information about moving around in the browser and selecting objects, 
choose “Help” from the menu bar. 

3 From the “Object” menu, choose “Details.” 

4 Choose the “Login Script” page. 

5 In the login script text box, highlight the text you want to copy. 

6 Press <Ctrl>+<Insert> to copy the highlighted text. 

The highlighted text has been placed in clipboard memory and can be pasted 
into another login script. 

7 To save the login script and close the “Details” dialog box, choose “OK.” 

8 Using the browser, select the object whose login script you want to paste the 
copied text into. 

9 From the “Object” menu, choose “Details.” 

10 Choose the “Login Script” page. 

11 In the login script text box, place the cursor where you want the copied text to 
appear. 

12 Press <Shift>+<Insert> to paste the copied text into the login script. 

13 To save the login script and close the “Details” dialog box, choose “OK.” 

Copying a Login Script Using NETADMIN 

Use the following instructions to copy all or part of a login script and paste it 
into another object’s login script. 
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Prerequisites 

• A workstation running DOS 3.30 or later and NET ADMIN 

• The Write property to the object that will contain the login script 

• The object whose login script you will be working with must already exist 
(Organization, Organizational Unit, Profile, or User Object) 

Procedure 

1 At the DOS prompt, type 

NETADMIN <Enter> 

2 From the “NetAdmin Options” menu, choose “Manage Objects.” 

3 Select the object whose login script you want to copy. 

• If the object you want appears in the list, select it and press <F10>. 

• If the object is not in the list, browse the Directory by selecting container 
objects and pressing <Enter> until you see the object you want. Select it and 
press <F10>. 

4 Select “View or Edit Properties of This Object.” 

5 Select “Login Script.” 

6 In the login script text box, place the cursor at the beginning of the text you want 
to copy and press <F5> to mark the beginning of the text. 

7 Use the arrow keys to move to the end of the text you want to copy. 

As you move the cursor, the text in the login script is highlighted. You will copy 
this highlighted text by first deleting it, and re-inserting it. Then you will insert it 
into the new login script. 

8 To delete the text from the login script, press <Delete>. 

Although you have deleted the text, the text has been placed in a clipboard 
memory and can be retrieved. 

9 To insert the text from the login script, press <Insert>. 

The deleted text has now been restored to the login script. A copy of the text still 
resides in the clipboard memory, so you can paste it into another object’s 
memory. 

10 To exit the login script, press <Esc>, and select “No” when asked if you want to 
save the changes you made. 

11 Return to the browser screen. 
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12 Select the object whose login script you want to paste the copied text into. 

You can either type the object’s complete name and press <F10> or press 
<Insert> to browse through the Directory tree and choose the name. 

13 Select “View or Edit Properties of This Object.” 

14 Select “Login Script.” 

15 In the login script text box, place the cursor where you want the copied text to 
appear. 

16 To paste the copied text into the login script, press <Insert>. 

17 To save the changes, press <F10>. 

Printing Login Scripts 

Use the following instructions to print a login script. 

Prerequisites 

• A workstation running DOS 3.30 or later 

• The Read and File Scan property right to the object to be printed 

Procedure 

To print a login script from the command line, use the NLIST command and 
redirect the output to a file or a printer. You must be in an object’s parent 
container to see and print the login script of that object. 

To print a user’s login script, use the following format: 

NLIST user <username> show "login script" >LPT1 

To print a container’s login script, use the following format: 

NLIST "organizational unit" = "ou name" show "login script" 
>LPT1 

Any parameter of the NLIST command that includes a space in its name 
must be enclosed in quotation marks. 
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Login Script Commands and Variables 

This section describes the commands you can use in a login script. The 
commands are presented in alphabetical order. 

Syntax conventions for login script commands, as shown in Table 5-3, are 
the same as those for workstation text utilities, with one exception: some 
login script commands must be preceded by the # symbol. 

Following is an example of the syntax for the MAP login script command: 

MAP [option] drive:=drive: I path 

The command syntax is described in Table 5-3. 

Table 5-3 Command Syntax Conventions 


Convention 

Explanation 

MAP 

Words in uppercase letters are keywords that must be included in the 
command and spelled exactly as shown. However, it doesn't matter if 
you type them in uppercase or lowercase letters. 

□ 

1 

Square brackets indicate that the enclosed item is optional. 

A vertical bar means you can use either the item to the left of the bar or 
the item to the right, but not both. In the previous MAP example, you 
can enter either the drive letter or a complete path. 

drive 

Words in italics are variables. Replace variables with information 
specific to your task. 

[option] 

Options or parameters for each command are listed with the command. 
Options and parameters can often be abbreviated. 

<Enter> 

Angle brackets indicate a key you should press. 

[[]] 

Nested square brackets indicate that all enclosed items are optional. 
However, if you use the items within the innermost brackets, you must 
also use the items within the outer brackets. 
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NOTE: 


• (Execute External Program) 

Use the # symbol to execute a program that is external to the login script. 

Command Format 

• [path] filename [parameter] 

Replace path with a drive letter; or, if you have specified NOSWAP on the 
command line or in the login script, you may replace path with a full 
directory path beginning with the NetWare volume name. 

Replace filename with an executable file (files that end in .EXE, .COM, or 
.BAT, for example). Do not include the extension. 

Replace parameter with any parameters that must accompany the executable 
file. 

Using # 

If you want the LOGIN utility to execute a program that is external to the 
login script, enter the # command (symbol) followed by the name of the file 
you want to execute. 

This command fails when 

• The given directory is invalid. 

• Proper security rights are lacking. 

• The executable file cannot be found. 

• Insufficient workstation memory is available to load the file. 

LOGIN swaps to extended or expanded memory or to disk unless NOSWAP is 
specified on the command line or in the login script. 

NOSWAP prevents LOGIN from being swapped out of conventional memory. Then, 
if the station does not have enough memory to handle both LOGIN and the # 
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command, the # command fails but the rest of the login script executes normally. 
For more information, see “SWAP” in this chapter. 

Examples 

When you want to define a default print queue and printer, you can make the 
login script execute the NetWare CAPTURE utility. This allows you to send 
print jobs to a network print queue (named QUEUE_FOR_LASERJET in 
this example). 

If you have a search drive mapped to SYS:PUBLIC where the NetWare 
utilities are stored, you could enter the following command in the login 
script: 

#CAPTURE Q=QUEUE_FOR_LASERJET NB TI=10 NFF 

You do not need to enter a path in this case because CAPTURE is located in 
a search drive. 

If you do not have a search drive mapped to a directory, include the path to 
that directory in the command. For example, to run a batch file named 
BATCH.BAT in the ACCOUNTS directory, use the following command: 

#Z:\ACCOUNTS\BATCH 


Additional Information 


For more information about 

Refer to 

Using the NOSWAP 
command 

“NOSWAP” in this chapter 

Using the SWAP command 

“SWAP” in this chapter 


ATTACH 

Use ATTACH to connect to a NetWare 2 or NetWare 3 server or to a 
NetWare 4 server using bindery services while the login script is running. 

Command Format 

ATTACH [ server[/username[;password]]] 
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Using ATTACH 

Replace server with the name of the NetWare server to which you want to 
attach. 

Replace username with the login name. If you do not include the username, 
the user is prompted for a login name when the ATTACH command is 
executed from the login script. 

You can replace password with the correct password for that user and server. 
If the username and password are the same as the primary login username 
and password, you can omit the password and not be prompted for it. 

Use caution when including passwords in a login script, however. It is more 
secure to eliminate the password. Then, at the point in the login script where 
the ATTACH command is executed, the user is prompted for the password. 

Example 

To attach user MRICHARD (whose password is “GOLFING”) to a server 
named REPORTS (which is a bindery-based server running NetWare 3), add 
the following line to the login script: 

ATTACH REPORTS/MRICHARD;GOLFING 

BREAK 

Use BREAK ON to allow the user to terminate execution of the login script. 
The default is BREAK OFF. 

Command Format 

BREAK ON|OFF 

Using BREAK 

If BREAK ON is included in a login script, you can press <Ctrl>+<C> or 
<Ctrl>+<Break> to abort the normal execution of your login script. 

Including BREAK ON in a login script does not affect the DOS 
<Ctrl>+<Break> check. For more details, see “DOS BREAK” in this 
chapter. 

When the BREAK option is ON, type-ahead keyboard input is not saved in 
the buffer. 
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CLS 

Use CLS to clear the display from the workstation’s screen during the login 
process. 

Command Format 

CLS 

Using CLS 

When a user logs in, a login script may display messages on the user’s 
workstation screen. 

If the CLS command is added to the login script, any messages generated by 
commands earlier in the login script are cleared from the screen. 

COMSPEC 

Use COMSPEC in the login script to execute DOS commands from the 
network. Specify the directory where DOS and the DOS command 
processor (COMMAND.COM) are loaded. 

COMSPEC is originally set when DOS is booted. It must be reset after you 
log in to change the location that COMMAND.COM loads from while you 
are logged in to the network. 

Command Format 

COMSPEC=[path]COMMAND.COM 

Replace path with either a drive letter or a full directory path beginning with 
the NetWare volume name. 

Using COMSPEC 

Follow these guidelines for using COMSPEC: 

• If users are running DOS from a network directory, first map a search drive in the 
login script to that directory and then add the COMSPEC command to the login 
script. 

(You may want to map a fake root to the DOS directory. For information about 
mapping a fake root, see “MAP” in this chapter.) 

• If all users use the same version of DOS from the network, you can add the 
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COMSPEC command to the container login script. 

• If more than one version of DOS is available on your network, a network 
directory should exist for each DOS version. In this case, you can put COMSPEC 
commands in either profile or user login scripts, to make sure each workstation 
accesses the version of DOS it needs. 

• If users are running DOS from their local drives, do not add COMSPEC to login 
scripts. 

• To use an environment variable as the value in a COMSPEC command, precede 
it with the percent sign (%), as follows: 

COMSPEC=%environment variable 


CONTEXT 

Use CONTEXT to set a user’s current context in the Directory tree. 

Command Format 

CONTEXT context 

Using CONTEXT 

Replace context with the context you want the user to see after login. 

As with the workstation CX utility, you can enter a complete name to move 
down through the context, or you can use periods to move up toward the 
Root of the Directory tree. 


NOTE: CONTEXT does not support all options that the CX workstation utility does. It only 

sets the context. 


Example 

To change the context to the Organizational Unit SALES, under the 
Organization ACME_US, add the following line to the login script: 

CONTEXT .SALES.ACME_US 

You can type a single period instead of a container name to indicate that you 
want to move up one level. 


For example, if you are in the context SALES.ACME_US and you want to 
move up one level to the context ACME_US, add the following line to the 
login script. 
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CONTEXT . 

To move up two levels, enter two periods, and so on. 

Additional Information 


For more information about 

Refer to 

Context 

“Context” in Concepts 

Using the CX utility 

“CX” in Utilities Reference 


DISPLAY 

Use DISPLAY to show the contents of a text file on a workstation’s screen 
when the user logs in. 

This command works best with an ASCII file. If you use DISPLAY with a 
word-processing file, printer and word-processing codes are displayed with 
the text. 

Command Format 

DISPLAY [path] filename 

Replace path with either a drive letter or a full directory path beginning with 
the NetWare volume name. 

Replace filename with the complete name (including the extension) of the 
file you want to display. 

Using DISPLAY 

When you use DISPLAY to display the contents of a file on the screen, the 
exact characters in the file, including any printer and word-processing codes, 
appeal - on the workstation screen. (To display only the text and suppress 
codes, use FDISPLAY. See “Using FDISPLAY” in this chapter.) 

If the given directory does not exist or the file is not found, no error message 
appeal's on the screen when the user logs in. 
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Example 

Suppose you put messages in a file called SYSNEWS.TXT, in the directory 
SYS:PUBLIC\MESSAGES, and you want your users to see this file on their 
screens when they log in on Mondays. Add the following lines to the 
container login script: 

IF DAY_OF_WEEK="Monday" THEN 

DISPLAY SYS:PUBLIC\MESSAGES\SYSNEWS.TXT 

END 

DOS BREAK 

Use DOS BREAK to set the <Ctrl>+<Break> checking level for DOS. 

If DOS BREAK is set to ON. you can terminate a program (other than the 
login script) by pressing <Ctrl>+<Break>. 

NOTE: This command is different from the BREAK command that terminates a login script. 

For more details, see “BREAK” in this chapter. 


Command Format 

DOS BREAK [ON|OFF] 

Using DOS BREAK 

Enter the following command in the login script: 

DOS BREAK ON 


The default is DOS BREAK OFF. 

Additional Information 


For more information about 

Refer to 

Using the DOS BREAK 

Your DOS manual 

command 


Using the BREAK login 

“BREAK” in this chapter 

script command 
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DOS SET 

See “SET” in this chapter. 

DOS VERIFY 

Use DOS VERIFY to verify that data written to a local drive is not written to 
a bad sector and can be read without an error. 

Command Format 

DOS VERIFY [ON|OFF] 

Using DOS VERIFY 

The DOS COPY and NCOPY commands do not automatically verify that 
data copied to a local drive can be read after the copy. 

To assure verification of each copy operation after login, add the VERIFY 
ON and DOS VERIFY ON commands (for network and DOS copies 
respectively) to the login script. 

Another option, since VERIFY ON can affect performance by slowing down 
write operations, is to use the /V option at the command line with each 
COPY or NCOPY operation. 

The default in the login script is DOS VERIFY OFF. 

These commands may not work with some software that is copy-protected. 

DRIVE 

Use DRIVE to change the default drive while the login script is executing. 

Command Format 

DRIVE [drive:[*n:] 

Replace drive with a local or network drive letter, or replace n with a drive 
number. Which one you use depends on what is being assigned within the 
login script. 
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Using DRIVE 

Unless this command is in your login script, the default drive is set to the 
first network drive, which is often assigned to your home directory when 
you log in. 

If you don’t want the default drive to be the first network drive, map a drive 
in the login script to the directory you want to be the default; then use the 
DRIVE command to change the default drive. 

Instead of specifying a drive letter, such as F: or G:, you can use an asterisk 
followed by a number n to represent the nth network drive (for example, *3). 
This allows drive letters to reorder themselves automatically if previous 
drive mappings are deleted or added. 

Example 

Suppose you expect to work on only one project for several days and the 
files for that project are located on drive S:. You can use the DRIVE 
command to set your default drive to S: so you won’t have to change your 
default drive manually every time you log in. 

First, make sure you have mapped drive S: to the correct directory in your 
login script. Then enter the following command in the login script: 

DRIVE S: 

EXIT 

Use EXIT to terminate execution of the login script and execute an external 
program. 

Command Format 

EXIT ["filename [parameters]"] 

Using EXIT 

The length of information between quotation marks cannot exceed your 
keyboard buffer length minus 1 (commonly 15 - 1 = 14 characters). 

You can use the EXIT command in a login script to stop the login script and 
execute a program, such as a word-processing or menu program. 
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Because EXIT stops the login script, make sure you put this command at the 
end of the login script. 

You can also use EXIT in an IF.. .THEN statement so that the login script 
stops and exits to an external program only if a certain condition exists. If 
the condition doesn’t exist, the login script skips the EXIT command and 
continues executing. 

If the program you are executing with the EXIT command requires any DOS 
paths or NetWare search drives to be set, make sure they are specified in the 
login script ahead of the EXIT command. 

Adding EXIT to a container login script prevents other profile or user login 
scripts from running. Putting EXIT in a profile login script prevents the user 
login script from running. 

The EXIT command works only on IBM*-compatible workstations running 
DOS. Therefore, if your DOS workstation has a machine name different 
from IBM_PC specified in its NET.CFG file, you must add the 
PCCOMPATIBLE login script command to the login script. 

For more information about the PCCOMPATIBLE command, see 
“PCCOMPATIBLE” in this chapter. 

Examples 

• Suppose the workstation’s long machine name is IBM_PC. To execute a menu 
program called TRAINING when the login script is finished, add the following 
line at the end of the login script: 

EXIT "NMENU TRAINING" 

• If you are using a Hewlett Packard* computer and you have changed the long 
machine name to HE_PAC in the NET.CFG file, add the following lines at the 
end of the login script: 

PCCOMPATIBLE 

EXIT "NMENU TRAINING" 

• Suppose you want the login script to exit to a word-processing program when the 
user logs in on Mondays, but not on other days. You could add the following 
IF.. .THEN statement to the login script: 

IF DAY_OF_WEEK="MONDAY" THEN EXIT "WP" 
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Additional Information 

For more information about 

Refer to 

Changing the machine name 

NetWare Client for DOS/Windows User 

in NET.CFG 

Guide 

Creating a menu 

Chapter 6, “Creating Menus” 


FDISPLAY 

Use FDISPLAY to show the text of a word-processing file on a 
workstation’s screen when the user logs in. 

To display both the text and the printer and word-processing codes of a file, 
or to display an ASCII file, see “DISPLAY” in this chapter. 

Command Format 

FDISPLAY [path] filename 

Replace path with either a drive letter or a full directory path beginning with 
the NetWare volume name. 

Replace filename with the complete name (including the extension) of the 
file you want to display. 

Using FDISPLAY 

When you use FDISPLAY to display the contents of a word-processing file 
on the screen, the text in the file is filtered and formatted so that only the text 
itself is displayed. FDISPLAY does not display tabs. 

If the given directory does not exist or if the file is not found, no error 
message appeal's on the screen when the user logs in. 

Example 

Suppose you put messages in a file called SYSNEWS.TXT, in the directory 
SYS :PUBLIC\MESSAGES, and you want your users to see this file on their 
screens when they log in on Mondays. 

Add the following lines to the container login script: 

IF DAY_OF_WEEK="Monday" THEN 
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FDISPLAY SYS:PUBLIC\MESSAGES\SYSNEWS.TXT 
END 

FIRE PHASERS 

Use FIRE PHASERS to signal the workstation to emit a phaser sound. 

Command Format 

FIRE n 

Replace n with the number of times you want this sound to occur. 

Using FIRE PHASERS 

Use this command alone to generate the phaser sound whenever a user logs 
in. Use FIRE PHASERS with the IF.. .THEN command to make the sound 
execute a different number of times depending on the circumstances of the 
login. 

Examples 

The following line executes the phaser sound four times upon login: 

FIRE 4 

To use an environment valuable as the number of times to fire, use % before 
the variable, as follows: 

FIRE %environment variable 

Either of the following lines fires the phaser five times on Thursdays: 

IF DAY_OF_WEEK="Thursday" THEN FIRE 5 

or 

FIRE %NDAY_OF_WEEK 

The identifier variable %NDAY_OF_WEEK indicates a number that 
corresponds to the day of the week. Since Thursday is the fifth day of the 
week, phasers fire five times on Thursdays. 

For more information about using identifier valuables, see “Identifier 
Variables” on in this chapter. 
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GOTO 

Use GOTO to execute a portion of the login script out of the regular 
sequence. 

Command Format 

GOTO label 

Use label to indicate where the login script should continue executing. 

Using GOTO 

Set BREAK ON in your login script before experimenting with GOTO loops 
so that you can break out of a login script if necessary. 

For more information about the BREAK login script command, see 
“BREAK” in this chapter. 

Do not use GOTO to enter or exit a nested IF.. .THEN statement. This usage 
confuses the program. 

Example 

To execute a loop of commands, you could include the following lines in 
your login script. In this case, the commands to be executed are labeled 
AGAIN (as indicated in the second line). 

SET X="l" 

AGAIN: 

SET X=<X> + "1" 

;see compound strings for this 
WRITE <X> 

IF <X> < "9" THEN GOTO AGAIN 

The GOTO command looks at the value of <X> (a DOS environment 
variable). If the value of <X> is less than 9, then <X> increments by 1 and 
GOTO loops back to the AGAIN label. When <X> gains the value of 9, the 
IF.. .THEN test becomes false, the GOTO is ignored, and the script 
continues normally. See the IF...THEN command next. 
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IF...THEN 

Use IF.. .THEN when you want the login script to perform an action only 
under certain conditions. 

Command Format 

IF conditional [AND|OR [conditional]] THEN 
commands 

[ELSE 

command] 

[END] 

Replace conditional with identifier variables. For more information about 
identifier variables, see “Identifier Variables’' in this chapter. 

Replace commands with any login script commands that you want to be 
executed if the specified condition is true. 

Using IF...THEN 

Follow these guidelines for using IF...THEN: 

• Use IF.. .THEN statements to execute commands only under certain conditions. 
An example of a conditional statement is 

IF MEMBER OF "CLERKS" 

In this statement, some action is performed if the user who logged in belongs to 
the Group object named CLERKS. 

The following is a different type of conditional statement: 

IF DAY_OF_WEEK="MONDAY " 

In this statement, the equals sign (=) indicates the relationship between the 
variable (DAY_OF_WEEK) and its value (Monday). Note that the value 
(Monday) is inside quotation marks. 

• When using IF.. .THEN statements, be aware of the following syntax rules: 

• Use AND or OR to include two or more conditionals in an IF.. .THEN 
statement. 

• Values of conditional statements must be enclosed in quotation marks. 

• The ELSE statement is optional. 

• IF, ELSE, and END must be on separate lines. THEN does not need to be on 
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a separate line. 

• If you include a WRITE command as part of the IF.. .THEN command, the 
WRITE command must be on a separate line. 

• IF.. .THEN statements can be nested (up to 10 levels). However, GOTO 
should not be used in a nested IF.. .THEN statement to enter or exit from the 
body of an IF.. .THEN statement. 

• If your IF.. .THEN statement consists of only one line, even if that line wraps, 
you do not need to include END. If your IF.. .THEN statement must be on 
more than one line (for example, you used ELSE or WRITE, which must be 
on separate lines), you must include END. 

Six relationships are possible between the elements of an IF.. .THEN 
statement. Represent these relationships with the following symbols: 



Symbol 

Definition 

= 


Equals 

<> 


Does not equal 

> 


Is greater than 

>= 


Is greater than or equal to 

< 


Is less than 

<= 


Is less than or equal to 


Examples 

• If you place the following command in a login script, the message “Status report 
is due today” appears when the user logs in on Monday and “Have a nice day!” 
on other days. 

IF DAY_OF_WEEK="MONDAY" THEN 
WRITE "Status report is due today" 

ELSE 

WRITE "Have a nice day!" 

END 

• The following line means “If the hour (on a 24-hour scale) is greater than or equal 
to 12, then write ‘afternoon’.” 

IF HOUR24>="12" THEN 
WRITE "afternoon" 
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END 

• The following command executes the CAPTURE utility on the fourth day of the 
week (Wednesday): 

IF NDAY_OF_WEEK="4 " THEN 
#CAPTURE Q=FAST_Q NB TI=10 NFF 

END 

• The following example shows nested IF.. .THEN statements. Notice that there 
are two IF statements, so each one must have its own END statement. 

IF DAY_OF_WEEK="MONDAY" THEN 
MAP *6:=VOLl:APPL\WP 

IF MEMBER OF CLERKS THEN 

WRITE "Your report is due immediately!" 

END 

END 

• Conditionals can be joined with commas, the word AND, or the word OR to form 
compound conditionals. 

The first line of the following IF.. .THEN statement is a compound conditional 
that means “If it is the evening of the first day of the month”: 

IF GREETING_TIME="EVENING" AND DAY="01" THEN 
WRITE "The system will be backed up tonight." 

END 

The following line is a compound conditional that means “If it is 11:59:59 
p.m.”: 

IF HOUR24="23" AND MINUTE="59" AND SECOND="59" 

• An IF.. .THEN statement can include several commands that must be executed if 
the conditional is true. 

The following example shows two commands that are executed on Tuesdays: a 
WRITE command that displays a message about a staff meeting, and an 
INCLUDE command that tells the login script to process any commands or 
messages contained in the file SYS:PUBLIC\UPDATE. 

IF DAY_OF_WEEK="TUESDAY" THEN 

WRITE "Staff meeting today at 10 a.m." 

INCLUDE SYS:PUBLIC\UPDATE 

END 

Additional Information 
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For more information about 

Refer to 

Using identifier variables 

“Identifier Variables” in this chapter 

Using the WRITE login script 

“WRITE” in this chapter 

command to display 


messages 



INCLUDE 

Use INCLUDE to execute independent files or another object’s login script 
as a part of the login script currently being processed. 

These subscripts can be text files that contain valid login script commands 
(any of the commands explained in this section) or login scripts that belong 
to a different object you have rights to. 

Command Format 

INCLUDE [path]filename 

or 

INCLUDE object_name 

To use a text file as a subscript, replace path with either a drive letter or a full 
directory path beginning with the NetWare volume name. 

Replace filename with the complete name (including the extension) of the 
text file. 

To execute another object’s login script as part of a login script, replace 
object_name with the name of the object whose login script you want to use. 

Using INCLUDE 

Text files that contain login script commands and other object’s login scripts 
can be used as subscripts. Use these subscripts to supplement the main login 
script. 

You can create and edit text file subscripts using any text editor. Subscripts 
do not have to have any particular filenames or extensions. 


The INCLUDE command executes the login script commands contained in 
the subscript. It does not display the text of the subscripts. 
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INCLUDE nesting is limited only by available memory. This means that one 
subscript file can include another subscript file, which can include yet 
another subscript file, and so on. 

If the subscript is a text file, users must have at least File Scan and Read 
rights to the directory containing the subscript. 

If you are using another object’s login script as a subscript, users must have 
the Browse right to the object whose script you are including and the Read 
right to the object’s Login Script property. 

Examples 

• To execute a text file called SCRIPT.NEW (located in the VOL1: volume) as a 
subscript, add the following line to your main login script: 

INCLUDE VOL1:ADMIN\USERS\SCRIPT.NEW 

• Suppose you are creating a container login script for all users under the 
Organizational Unit object SALES_LA. You recently created a container login 
script for users under the Organizational Unit object SALES_PV. 

Now you’ve decided that the login scripts for the two different groups of users 
are very similar. In fact, you decide that the SALES_LA users could use the 
same login script as the SALES_PV users, but with a few more drive mappings. 

In the SALES_LA login script, you could add the additional drive mappings, 
and then use the INCLUDE command to execute the entire SALES_PV login 
script as a part of the SALES_LA login script, as follows: 

• Create an alias for the SALES_PV Organizational Unit in the SALES_LA 
Organizational Unit. 

• Add this line to the SALES_LA Organizational Unit’s login script. 

INCLUDE .SALES_PV_ALIAS.SALES.ACME_US 

Figure 5-2 illustrates how the INCLUDE command executes the SALES_PV 
login script as part of the SALES_LA login script. 
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Figure 5-2 Using INCLUDE in a Login Script 

LASTLOGINTIME 

Use LASTLOGINTIME to display the last time the user logged in. 

Command Format 

LASTLOGINTIME 

Using LASTLOGINTIME 

If you include this command in your login script, the time of the last login is 
displayed on the user’s workstation screen. 

MACHINE 

Use MACHINE to set the DOS machine name (such as IBM or 
EDIT_ROOM) of the workstation. The MACHINE command is necessary 
for some programs (such as NETBIOS) written to run under PC DOS. 

Do not confuse the MACHINE command with the identifier of the same 
name. The identifier is used with a preceding percent (%) sign in MAP and 
WRITE statements. The identifier reads its value from the NET.CFG file. 
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It is unlikely that you will need to use this command. However, it is 
provided in case you come upon a program that requires it. 

Command Format 

MACHINE=name 

Using MACHINE 

The machine name can be up to 15 characters. (Longer machine names are 
truncated to 15 characters.) 

For example, to specify that the machine name is IBM_PS2, add the 
following line to the login script: 


MACHINE=IBM_PS2 

Additional Information 

For more information about 

Refer to 

Setting machine names in the 

NetWare Client for DOS/Windows User 

NET. CFG file 

Guide 

Using identifier variables 

“Identifier Variables” in this chapter 


MAP 

Use MAP to map drives and search drives to network directories. 

Command Format 

MAP [option] [drive:=path] 

Replace drive with any valid network drive letter, local drive letter, or search 
drive number. 

Replace path with a drive letter, a full directory path, or a Directory Map 
object. 

More than one command can be on the map line if the commands are 
separated by a semicolon (;), as shown in the following example: 

MAP *1:=SYS:PUBLIC;*2:=SYS:PUBLIC\DOS 

When mapping a drive to a directory on an NDS server, begin the path with 
either the Volume object name or server/volume. 
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When mapping to a directory on a bindery-based server or to an NDS server 
that isn’t your current server, begin the path with the server’s name. 

Replace option with one of the following: 

• DISPLAY ON/OFF: Determines whether drive mappings are displayed on the 
screen when the user logs in. The default setting is ON. This option is valid only 
in login scripts. 

• ERRORS ON/OFF: Determines whether MAP error messages are displayed 
when the user logs in. MAP ERROR OFF must be placed before MAP commands 
in the login script. The default setting is ON. This option is valid only in login 
scripts. 

• INS: Inserts a drive mapping between existing search mappings. This option is 
valid in login scripts and at the DOS command line. 

• DEL: Deletes a drive mapping, making that drive letter available for other 
mapping assignments. This option is valid in login scripts and at the command 
line. 

• ROOT: Maps a fake root. Some applications require their executable files to be 
located in a root directory. 

Since you may not want users to have rights at the root directory, you can map a 
fake root to a subdirectory instead. This option is valid in login scripts and at the 
command line. 

• C (CHANGE): Changes a search drive mapping to a regular mapping and a 
regular mapping to a search drive mapping. This option is valid in login scripts 
and at the command line. 

• NP (No prompt): When a MAP command conflicts with an existing drive 
mapping, MAP NP eliminates the prompt that asks the user if the new drive 
mapping should overwrite the old mapping. 

This option is valid only at the command line. 

• P (Physical): Maps a drive to the physical volume of a server rather than to the 
Volume object’s name. 

It is possible to have a Volume object name that conflicts with a physical volume 
name. (For example, object ACCT is an Accounting volume, but there is also an 
ACCT which is a physical volume.) 

Therefore, if you prefer to map a drive to the physical volume name, use MAP P. 
This option is valid in login scripts and at the command line. 

• N (Next): When used without specifying a drive number or letter, maps the next 
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available drive. This option is valid in login scripts and at the command line. 

Using MAP 

Follow these guidelines when using MAP: 

• If you use MAP to automate drive map assignments during execution of the login 
script, users don’t have to map drives manually every time they log in. 

• Specify drive mappings in a login script by entering the same commands that you 
would enter if you were using MAP at the command line. 

• To avoid having the result of each mapping displayed as it is executed, you can 
put the MAP DISPLAY OFF command at the beginning of your login script. 
When all drive map assignments have been completed, add the line MAP 
DISPLAY ON and MAP to your login script. This sequence provides a cleaner 
display for the users as they log in. 

• Instead of specifying drive letters such as F: or G:, you could use an asterisk 
followed by a number n to represent the nth network drive. For example, if your 
first network drive is F: then using MAP *3:= would assign H:, or if your first 
network drive is D: then using MAP *4:= would assign G:. 

This allows drive letters to reorder themselves automatically when local drives 
are removed or added or when the first network drive is changed. 

This also allows users to log in from workstations that have a different number 
of local drives than their regular workstation. 

• You can map a local drive (usually A: through C:) to a network directory, but you 
cannot access the local drive until you remove the network drive mapping. 

• You must not map a redirected drive, such as a CD-ROM drive, to a network 
drive. 

• In many cases, you might find it useful to map network drives in the following 
order: 

• Map the first network drive to the user’s home directory. 

• If users are running Windows from the network, map a drive to each user’s 
directory that contains user-specific files. 

• Map remaining drives to any directories in which users frequently work, such 
as project directories. 
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Mapping Search Drives 

For DOS and Windows workstations, you can map search drives to 
directories that contain applications, executable files, and so forth. Then 
users can execute those applications regardless of the directory in which 
they are currently working. 

A maximum of 16 NetWare search drives is allowed. 


NOTE: Any object names in the login script should either be in the user’s context or should 

have an alias point to the real object in another context. Any object referenced by a 
name outside the user’s context will not work when that object is moved or renamed 
or the context is renamed. See “Alias object” in Concepts. 


When you map a search drive, use a search drive number (an S followed by 
a number). This search drive number assigns the next available drive letter 
to the mapping, stalling with Z and working backwards through the English 
alphabet. 

The letter assigned to the search drive is put into the DOS path statement. If 
you already have search drives in the path statement, the command MAP 
Sl:= will overwrite the first one in the path. To prevent search drive 
assignments from overriding existing DOS PATH letters, use the INSERT 
option when assigning search drives. For example, type 

MAP INS SI6:=path 

To ensure that users can access NetWare utilities, DOS directories, and 
applications, we recommend you map search drives to these directories in 
the following order: 

• Map the first search drive (S1:) to the SYS:PUBLIC directory, which contains the 
NetWare utilities for DOS and Windows workstations. 

• Map the second search drive (S2:) to the DOS directory if users access DOS from 
the network. 

• Map the third and subsequent search drives (S3:, S4:, etc.) to directories 
containing applications and the electronic NetWare documentation. 

• If your users are running Windows from the network, map a search drive to the 
Windows directory for the Windows group. 


5-41 




Customizing the User Environment 

Login Script Commands and Variables 


To avoid inadvertently changing the order of any search drives that must be 
mapped to a specific drive letter, you can map all remaining search drives 
with the number S16:, which assigns the next lowest search number each 
time it is used. 

This command assigns the next available drive letter to the search drive 
without displacing the previous search drives. 

If you have an application that requires a particular - drive letter, you can use 
the following command to map the search drive, replacing drive with the 
drive letter: 

MAP SI6:=drive:=path 

If you map a search drive using a number already assigned to a search drive, 
NetWare makes the old search drive a network drive. The letter assigned to 
the old search drive remains assigned as the converted drive mapping. The 
new search drive takes the next unused letter of the alphabet. 

Mapping Drives to Directory Map Objects 

Another way to map a drive to a directory is to create a Directory Map object 
that points to the directory. Then, if you move the directory, you only need to 
change the Directory Map object rather than all of the login scripts that may 
include that mapping. 

NOTE: It is best to use Directory Map objects in the user’s current context. Do not use 

complete names that point to other contexts. If the map is in another context, you 
should create an alias that points to the real Directory Map object. 

See “Alias object” in Concepts. 


For example, to map a search drive to a Directory Map object whose 
complete name is APPL.SALES_LA.ACME_US, add the following line to 
the login script: 

MAP S2:=.APPL.SALES_LA.ACME_US 

In the previous example, the Directory Map object’s name begins with a 
period, which indicates that the drive is mapped to the drive Root. 
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If the user whose login script this line appears in is also located in the 
SALES_LA.ACME_US context, the MAP command does not have to 
specify the Directory Map object’s complete name. Instead, the line would 
be 

MAP S2:=APPL 

For more information about using Directory Map objects, see “Loading 
Operating Systems and Applications onto the Network” in chapter 3. 

Examples 

• To map the first search drive to the SYS:PUBLIC directory (which contains the 
NetWare utilities for DOS and Windows workstations) add the following line to 
the login script: 

MAP SI:=SYS:PUBLIC 

The second search drive should be mapped to the DOS directory if users run 
DOS from the network. 

• If your network has more than one DOS directory, use variables to indicate the 
directory path. These variables are replaced by the correct information from the 
workstation software when each user logs in. 

To use variables for the DOS directory path, enter the following command in the 
login script: 

MAP S2:=SYS:PUBLIC\%MACHINE\%OS\%OS_VERSION 

• If all users have the same types of computers and are using the same version of 
DOS, you probably have only one DOS directory. In this case, add a line similar 
to the following, substituting the correct directory names: 

MAP S2:=SYS:PUBLIC\IBM_PC\MSDOS\50 

You can also create a Directory Map object that points to the DOS directory, 
then map the search drive to the Directory Map object. 

For more information about creating DOS directories, see “Loading Operating 
Systems and Applications onto the Network” in chapter 3. 

• To map the next available search drive to the SYS:APPL\WORDPROC 
directory, add the following line to the login script: 

MAP S16:=SYS:APPL\WORDPROC 

If you have mapped a Directory Map object to this directory, you can substitute 
the Directory Map object’s name for the directory path. 
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For example, suppose you created a Directory Map object called WPROC, 
which is located in the context SALES.ACME_US, and mapped that object to 
the SYS:APPL\WORDPROC directory. 

Following the rule of no complete names in a login script, you would create an 
alias in your own context to the object in ,SALES.ACME_US. Then use the 
following line in your login script: 

MAP SI6:=WPROC 

• Suppose an application in the FORM directory requires that it reside in the Root 
directory of drive P:, but you don’t want to put the application in the Root 
directory for security reasons. 

You can map a fake root to the directory and map a search drive to it at the same 
time by adding the following line to the login script: 

MAP ROOT S16:=P:=SYS:APPL\FORM 

• To map Richard’s first four regular drive mappings to his home directory, the 
SYS:PUBLIC\OS2 directory (which contains the NetWare utilities for OS/2), the 
REPORTS directory, and the PROJECTS directory, add the following four lines 
to Richard’s user login script: 

MAP *1:=V0L1:HOME\RICHARD 
MAP *2:=SYS:PUBLIC\OS2 
MAP *3:=V0L1:ACCOUNTS\REPORTS 
MAP *4:=V0L1:UPDATES\PROJECTS 

To map Richard's fifth drive to the PUBLIC directory on a NetWare 3.11 server 
named FS1, you need to include the server name in the MAP command. Use the 
following line in your login script: 

MAP *5:=FS1\SYS:PUBLIC 

• If you are mapping a drive to a directory that is located on a volume within your 
current context, include the volume’s common name in the MAP command, as 
demonstrated in the previous examples. 

If you are mapping a drive to a volume that is not in your current context, first 
create an alias to that volume; then include the volume’s common name in the 
MAP command. 

For example, if the complete name of a volume not in your current context is 
VOLl.SALES.ACME_US, then create an alias named VOL1: to that volume. 
The MAP command would include only this common name. 

To map a drive to the APPL directory in this volume, the line in the login script 
would be 
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MAP * 6:=VOLl:APPL 


Additional Information 


For more information about 

Refer to 

Drive mappings 

“Drive mapping” in Concepts 

Enabling users to run DOS 
from the network 

“Loading DOS onto the Network” in 
chapter 3 

Using Directory Map objects 

“Loading Operating Systems and 
Applications onto the Network” in 
chapter 3 


NO_DEFAULT 

Use NO_DEFAULT in a container or profile login script if you do not want 
the default user login script to run. 

Command Format 

NO_DEFAULT 

Using NO_DEFAULT 

If you do not want to create any user login scripts, and you do not want the 
default user login script to run, add this command to either the container or 
the profile login script. 

If you have created a user login script for someone, that login script executes 
whether or not the NO_DEFAULT command is in the container or profile 
login script. 

NOSWAP 

Use NOSWAP to prevent the LOGIN utility from being moved out of 
conventional memory into higher memory (if available) or onto the disk to 
execute a # command and LOGIN at the same time. 

Command Format 

NOSWAP 
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Using NOSWAP 

LOGIN always swaps to extended or expanded memory unless NOSWAP is 
specified on the command line or in the login script. 

If you do not want LOGIN to be temporarily stored in higher memory or on 
the workstation’s disk, use the NOSWAP command. NOSWAP prevents 
LOGIN from being swapped out of conventional memory. 

Then, if the workstation does not have enough memory to handle both 
LOGIN and the # command, the # command fails but the rest of the login 
script executes as usual. 

If you want LOGIN to be swapped out of conventional memory immediately 
every time a # command is executed, place the SWAP command in the login 


script before the # command. 

Additional Information 

For more information about 

Refer to 

Using the # command 

“# (Execute External Program)” in this 


chapter 

Using the SWAP command 

“SWAP” in this chapter 


PAUSE 

Use PAUSE to create a pause in the execution of the login script. 

Command Format 

PAUSE 

Using PAUSE 

Enter this command in your login script at any point you want a pause to 
occur. 

You can add PAUSE to the login script following a message so that the user 
has time to read the message before it scrolls off the screen. 

If you include PAUSE, the message “Strike any key when ready...” appears 
on the workstation screen. The LOGIN utility then waits for a key to be 
pressed before it executes the rest of the login script. 
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PCCOMPATIBLE 

Use PCCOMPATIBLE to enable the EXIT “command” login script 
command to work if your workstation’s LONG MACHINE NAME is not 
IBM_PC. 

Command Format 

PCCOMPATIBLE 

Using PCCOMPATIBLE 

If your computer is an IBM PC compatible machine and not an IBM PC, use 
PCCOMPATIBLE in your login script to inform the LOGIN utility that your 
machine’s long name is something other than IBM_PC. The LONG 
MACHINE NAME (AT&T, COMPAQ, or others) must be included in the 
NET.CFG file. 

Place the following anywhere before EXIT in the login script: 

PCCOMPATIBLE 

Example 

If you have a Hewlett Packard computer and you have changed the LONG 
MACHINE NAME to HE_PAC in the NET.CFG file, and you want to exit to 
NETADMIN from within your login script, put the following commands in 
your login script: 

PCCOMPATIBLE 
EXIT "NETADMIN" 


Additional Information 


For more information about 

Refer to 

Setting the machine name in 
NET.CFG 

NetWare Client for DOSAVindows User 
Guide 

Using the EXIT command 

“EXIT” in this chapter 
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PROFILE 

Use PROFILE in a container script to set or override a user’s assigned or 
command-line-specified profile script. It is useful when defining a group 
profile. 

Command Format 

PROFILE profile_object_name 

Example 

To override the profile script assigned to a user or specified at the command 
line and cause the user to execute a PROFILE script called team_profile, use 
the following command: 

PROFILE team_profile 

REMARK 

Use REMARK to insert explanatory text into your login script. This text 
does not display on the screen. 

Command Format 

REM[ARK] [text] 

or 

• [text] 

or 

; [text] 

Replace text with the comment you want to include in the login script. 

Using REMARK 

Follow these guidelines for using REMARK: 

• To include explanatory text in your login script, begin a line with REMARK, 
REM, an asterisk (*), or a semicolon ( ;). 

• Any text that follows these symbols is ignored when the LOGIN command 
executes your login script. Remarks do not appear on the screen. 

• Using remarks in your login script can make the script much easier for you or 
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other users to read and understand. 

• The REMARK command and its associated text must be the only entry on a line. 
Placing remarks on the same line as other login script commands can cause 
errors. 

• If a remark is several lines long, begin each line with the remark keyword 
(REMARK, REM, an asterisk, or a semicolon). 

Example 

The following are examples of explanatory text that you might use with the 
REMARK command and its variants: 

• This is Richard's login script 
; Mapped network drives follow: 

REM The next mapping is a fake root. 

REMARK This login script is for new users. 

SCRIPT_SERVER 

Use SCRIPT_SERVER to set a home server from where the bindery login 
script is read. 

NOTE: The SCRIPT_SERVER command is for NetWare 2 and NetWare 3 users and has no 

effect on NetWare 4 users. 


Command Format 

SCRIPT_SERVER server_name 

Using SCRIPT_SERVER 

This command has no effect on NetWare Directory Services™. See your 
NetWare 2 or NetWare 3 documentation for information about 
SCRIPT_SERVER. 

SET 

Use SET to set a DOS environment variable to a specified value. 


Command Format 

[TEMP] SET name="value 
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Replace name with an environment parameter that identifies the 
environment you want to change. 

Replace value with identifier variable substitutions. Values must be enclosed 
in quotation marks. 

To change the environment for the login script, but not for the workstation 
after the login script has finished executing, use the optional keyword 
TEMP. 

Using SET 

Use the SET login script command the same way you use the DOS 
command SET. However, when you use SET in a login script, you must 
enter quotation marks (“ ”) around values. 

NOTE: If a variable is set to a path that ends in a \”, these two characters are interpreted as 

an embedded quotation mark preceded by an escape character. To avoid this 
problem, use two backslashes before the ending double quotation marks (\\”). 


The SET commands do not have to be included in login scripts. 

For example, you may decide that it is easier to put some SET commands in 
the workstation’s AUTOEXEC.BAT file. Where you use SET commands 
depends upon your individual needs. 

NOTE: This command does not work in a login script if the DOS workstation’s environment 

is too small. In this case, you should set the environment size in the CONFIG.SYS 
file. 


See the SHELL command in your DOS manual for more information about 
the environment size. 

After you use the SET command to set a value for an environment variable, 
you can use that variable in other login script commands. 

To include an environment variable as an identifier variable in a command, 
enclose the name of the variable in angle brackets, for example, 
<emailuser>. 

Examples 

• You can use SET to make a prompt display the current directory path, such as 
F:\HOME\MARY>, rather than just the drive letter. To do this, add the following 
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line to the login script: 

SET PROMPT="$P$G" 

“$P” lists the current directory path; “$G” displays a “>” (greater than) 
character. See your DOS manual for more information. 

• To set a path for a program called DAILY, which is in the REPORTS 
subdirectory beneath drive G:, you would add the following line: 

SET PATH="G:\REPORTS\DAILY" 

This sets the variable PATH to G:\REPORTS\DAILY. 

NOTE: Setting the variable PATH in the login script removes any search drives previously 

assigned. Use SET PATH only before you map search drives. SET PATH also 
overwrites any paths set in the user’s AUTOEXEC.BAT file. 


To display this path, you can include PATH as an identifier variable in a WRITE 
command by enclosing the variable (not the value) in angle brackets. For 
example, the following line displays “My path is G:\REPORTS\DAILY.” 

WRITE "My path is "%<path> 

• To include an environment variable in a MAP command, precede the variable 
with a percent sign (%). 

For example, you could include the following lines in a login script to set and 
map a drive to the variable NWS: 

SET NWS="C:\XYZ" 

MAP SI 6:=%<NWS> 


Additional Information 


For more information about 

Refer to 

Using environment variables 
as identifier variables in 
other login script commands 

“Identifier Variables” in this chapter 

Using the SET command 

Your DOS manual 

SET_TIME 


Use SET_TIME to set the workstation time equal to the time on the NetWare 
server to which the workstation first connects. 
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Command Format 

SET_TIME ON|OFF 

Using SET TIME 

The default value is SET_TIME ON, which means the workstation time is 
set to the NetWare server time whenever the user logs in. If you include 
SET_TIME OFF in the login script, the workstation time does not update to 
the server’s time. 

SHIFT 

Use SHIFT to change the order in which %n identifier variables are 
interpreted in the login script. The SHIFT command allows users to enter 
FOGIN parameters in any order. 

Command Format 

SHIFT [n] 

Replace n with the number of places you want the variable to shift. The 
default is SHIFT 1. 

Using SHIFT 

You can shift up to 10 arguments. 

When users execute FOGIN, they can include additional parameters. Each 
of these parameters is assigned a %n valuable; in this way, the parameter’s 
real value can be substituted for the %n valuable that appears in the login 
script. 

In the login script, you can add SHIFT with a positive or negative number to 
move the variables in either direction. For example, SHIFT -3 moves each 
%n variable three positions to the left. 

Example 

When Mary logs in, she wants to access her word-processing program, 
change the way it is set up, and map a drive to her work directory called 
ACCNTS. 

Mary also has a command in her login script to map a drive to her FOTUS 
directory, but she does not need it today. The commands in Mary’s login 
script are shown here. 
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LOOP 

IF "%2"="WP" THEN 
SET WP="\U-CML\B-10\D" 

MAP SI 6:=SYS:APPL\WP\SETUP 
IF "%2"="ACCNTS" THEN 
MAP G:=SYS:ACCNTS 
IF "% 2" = "LOTU S" THEN 
MAP SI6:=SYS:APPL\LOTUS 
SHIFT 

IF "%2"<>"" THEN GOTO LOOP 

(In the last line, “IF “%2” < >” is followed by closed quotation marks, which 
means “If %2 isn’t blank”.) 

With these commands in her login script, Mary can log in to the primary file 
server (named FS1) using her username, MARY, as follows: 

LOGIN FS1\MARY WP ACCNTS 

The parameters in Mary’s LOGIN command are given the following values: 

%0=FS1 

%1=MARY 

%2=WP 

%3=ACCNTS 

Mary’s login script looks for %2, which is WR and sets the word-processing 
environment. Then the login script shifts the variables one to the right so that 
%2 now becomes ACCNTS. Upon executing the loop, the login script maps 
a drive to the ACCNTS directory. 

Mary could also change the order of her LOGIN command without affecting 
the way her work environment is set up, as follows: 

LOGIN MARY ACCNTS WP 

The parameters in this LOGIN command are given the following values: 

%0=FSI 

%1=MARY 
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%2=ACCNTS 

%3=WP 

In this case, Mary’s login script looks for %2, which is now ACCNTS. 

The login script maps a drive to the ACCNTS directory. Then the login 
script shifts the variables to the right so that %2 now becomes WP. 

Upon executing the loop, the login script sets the word-processing 
environment. 

Additional Information 


For more information about 

Refer to 

Using %n variables in login 
scripts 

“Using LOGIN Parameters with %n 
Variables” in this chapter. 


SWAP 

Use SWAP to move the LOGIN utility out of conventional memory into 
higher memory (if available) or onto the disk. This allows execution of a # 
command and LOGIN at the same time. 

Command Format 

SWAP [path] 

You can replace path with either a drive letter or a full directory path 
beginning with the NetWare volume name. 

Using SWAP 

By default, the LOGIN utility always swaps to extended or expanded 
memory, unless NOSWAP is specified on the command line or in the login 
script. 


NOTE: The SWAP option does not work with the DR DOS 6.0 EMM386 Memory Manager 

option unless upper memory is disabled. 


If you specify a path in the SWAP command, LOGIN swaps into the 
directory you specified. If the directory specified in that path does not exist 
or if you do not have rights there, LOGIN prompts you for another path. 
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If you do not specify a path, LOGIN swaps either into higher memory (if 
available) or to the current drive. If LOGIN tries to swap to the current drive 
and you don’t have rights to the current drive, LOGIN prompts you for a 
path to use. If you specify a valid path, LOGIN always swaps to the 
specified path. 


Then, if the workstation does not have enough memory to handle both 
LOGIN and the # command, the # command fails but the rest of the login 
script executes as usual. 

Additional Information 


For more information about 

Refer to 

Using the # command 

“# (Execute External Program)” in this 
chapter 

Using the NOSWAP 
command 

“NOSWAP” in this chapter 


TEMP SET 

Use TEMP SET to change the environment for the login script, but not for 
the workstation after the login script has finished executing. 

See “SET” in this chapter. 

WRITE 

Use WRITE to display messages on the workstation screen when a user logs 
in. 

Command Format 

WRITE "[text][%identifier]" [;][identifier] 

Replace text with the words you want to display on the screen. 

Replace identifier with a variable you want to display, such as a user’s login 
name. (See “Using Identifier Variables” in this chapter for a complete list of 
variables.) 
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Using WRITE 

Text you want to display must be enclosed in quotation marks (“ ”). 

There are several ways to display variables in the text message. The way you 
enter the valuable in the WRITE command determines the display format, as 
follows: 

• If you type the identifier variable exactly as shown, with no special punctuation, 
only the variable is displayed on the screen. (See “Login Script Identifier 
Variables” in Table 5-6.) 

• If you enclose the identifier variable inside quotation marks, then precede the 
variable by typing a percent sign (%) and type the text in uppercase letters, both 
the variable and the text are displayed on the screen. 

This method is often used to combine regular text with an identifier variable 
because both the text and the variable can be enclosed in the same quotation 
marks. 

To join several text strings and identifier variables into a single display 
without enclosing the variables in quotation marks, use a semicolon between 
the text and the variables. 

If you have several WRITE commands, each one appears on a separate line 
on your workstation. However, if you put a semicolon at the end of all but 
the last WRITE command, the commands appear as one continuous 
sentence or paragraph (although they may wrap onto additional lines on the 
workstation’s screen). 

Text strings can include the special characters in Table 5-4: 


Text String Characters 


Character 

Meaning 

\r 

Makes a carriage return occur 

\n 

Starts a new line of the text 

\” 

Displays a quotation mark on the screen 

\7 

Makes a beep sound 
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Table 5-5 


In addition to the semicolon, there are other operators you can use to form 
compound strings (in other words, to join text and identifier variables into 
one command). These operators are listed in Table 5-5 in order of 
precedence. 

Text and Identifier String Operators 


Operator 

Meaning 

* 1 % 

Multiply, divide, modulos 

+ - 

Add, subtract 

» « 

Shift left or right (1000 » 3 becomes 1) 


Examples 

• To display the message “Hello,” add the following line to the login script: 

WRITE "Hello" 

• To display the user’s last name (surname) along with a greeting, add the identifier 
LAST_NAME to the command. To do this, either join the text and the identifier 
with a semicolon or include the variable in the quotation marks with the text. 

Either of the following lines displays “Hello, Smith” when user Bob Smith logs 
in: 

WRITE "Hello, " ;%LAST_NAME 
WRITE "Hello, %LAST_NAME" 

• To make a beep sound occur while the phrase “Good morning” appears on the 
screen, add the following line to the login script: 

WRITE "Good %GREETING_TIME \7" 
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Identifier Variables 

With many login script commands, you can take advantage of identifier 
variables to make your login script more efficient and flexible. 

Identifier variables allow you to enter a variable (such as LAST_NAME), 
rather than a specific name (such as Smith) in a login script command. When 
the login script executes, it substitutes real values for the identifier variables. 

By using the variable, you can make the login script command applicable to 
many users instead of limiting it to one user. 

For example, the command 

WRITE "Hello, "% LAS T_NAME 

displays the following message on Bob’s Smith’s workstation screen when 
he logs in: 

Hello, SMITH 

Similarly, when Mary Jones logs in, the message she sees is 

Hello, JONES 

In the previous example, when the user logged in, the user’s actual last name 
was substituted for the LAST_NAME variable in the command. 

Table 5-6 lists all the available identifier variables. 
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Table 5-6 Login Script Identifier Variables 


Category 

Identifier Variable 

Function 

Date 

DAY 

Day number (01 through 31) 


DAY_OF_WEEK 

Day of week (Monday, Tuesday, etc.) 


MONTH 

Month number (01 through 12) 


MONTH_NAME 

Month name (January, February, etc.) 


NDAY_OF_WEEK 

Weekday number (1 through 7; l=Sunday) 


SHORT_YEAR 

Last two digits of year (94, 95, 96, etc.) 


YEAR 

All four digits of year (1994, 1995, 1996, etc.) 

Time 

AM_PM 

Day or night (am or pm) 


GREETING_TIME 

Time of day (morning, afternoon, or evening) 


HOUR 

Hour (12-hour scale; 1 through 12) 


HOUR24 

Hour (24-hour scale; 00 through 23; 00=midnight) 


MINUTE 

Minute (00 through 59) 


SECOND 

Second (00 through 59) 

User 

%CN 

User’s full login name as it exists in NDS™. 


ALIAS_CONTEXT 

“Y” IF REQUESTER_CONTEXT is an alias. 


FULL_NAME 

User’s unique username. It is the value of the 
FULL_NAME property for both NDS and 
bindery-based NetWare. Spaces are replaced with 
underscores. 


LAST_NAME 

User’s last name (surname) in NDS or full login 
name in bindery-based NetWare. 


LOGIN_CONTEXT 

Context where user exists. 


LOGIN_NAME 

User’s unique login name (long names are 
truncated to eight characters). 


MEMBER OF “group” 

Group object to which the user is assigned. 


NOT MEMBER OF “group” 

Group object to which the user is not assigned. 
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Table 5-6 Login Script Identifier Variables 


Category 

Identifier Variable 

Function 


PASSWORD_EXPIRES 

Number of days before password expires. 


REQUESTER_CONTEXT 

Context when login started. 


USERJD 

Number assigned to each user. 

Network 

FILE_SERVER 

NetWare server name. 


NETWORK_ADDRESS 

IPX external network number of the cabling 
system (8-digit hexadecimal number). 

Workstation 

MACHINE 

Type of computer (IBM_PC, etc.). 


NETWARE_REQUESTER 

Version of the NetWare Requester for VLM users. 


OS 

Type of DOS on the workstation (MSDOS, etc.). 


OS_VERSION 

Operating-system version on the workstation 
(3.30. etc.). 


P_STATION 

Workstation's node address (12-digit 
hexadecimal). 


SHELL_TYPE 

Version of the workstation’s DOS shell (1.02, etc.); 
supports NetWare 2 and 3 shells and NetWare 4 
Requester for DOS. 


SMACHINE 

Short machine name (IBM, etc.). 


STATION 

Workstation’s connection number. 

DOS 

environment 

<variable> 

Any DOS environment variable can be used in 
angle brackets (<path>, etc.). To use a DOS 
environment variable in MAP, COMSPEC, and 

FIRE PHASERS commands, add a percent sign 
(%) in front of the variable. For example. 



MAP S16:=%<path> 
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Table 5-6 

Login Script Identifier Variables 

Category 

Identifier Variable 

Function 

Miscellaneous 

ACCESS_SERVER 

Shows whether the access server is functional 
(TRUE=functional, FALSE=not functional). 


ERROR_LEVEL 

An error number (0=no errors). 


%n 

Replaced by parameters the user enters at the 
command line with the LOGIN utility. For more 
information, see “Using LOGIN Parameters with 
%n Variables” in this chapter. 

Object properties 

property name 

You can use property values of NDS objects as 
variables. Use the property values just as you do 
any other identifier variable. If the property value 
includes a space, enclose the name in quotation 
marks. 

To use a property name with a space within a 
WRITE statement, you must place it at the end of 
the quoted string: 

WRITE “Given name=%GIVEN_NAME” 

IF “%MESSAGE SERVER"=”MS1" THEN 

MAP INS S 16:=MS 1\SYS:EMAIL 

To see a list of object properties, see Appendix A, 
“NDS and Bindery Objects and Properties,” of 
Utilities Reference. Not all properties are 
supported. 


Using Identifier Variables 

When using identifier valuables in login script commands, observe the 
following conventions: 

• Identifier variables are used most often with commands such as IF.. .THEN, 
MAP, and WRITE. They can also be used with commands for which you can 
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specify a path, such as COMSPEC. 

• Type the variable exactly as shown. 

• To use DOS environment variables as identifiers, enclose them in angle brackets. 

• Identifier variables can be placed within literal text strings in a WRITE statement. 
However, the identifier variable must be in uppercase letters and preceded by a 
percent sign. (Literal text is the text that is displayed on the screen, such as “Sales 
report is due today.” Literal text must be enclosed in quotation marks.) 

Examples 

• If user Smith logs in during the morning, both of the following lines display the 
same message on his screen (“Good morning, SMITH”): 

WRITE "Good GREETING_TIME; ", LAST_NAME 

WRITE "Good %GREETING_TIME, %LAST_NAME" 

• To use DOS environment variables as identifiers, enclose them in angle brackets. 
The following example uses the DOS environment variable “path”: 

WRITE "my path is "%<path> 

The text displayed on the screen is similar to this: 

my path is z:.;y:.;c:\WINDOWS 

Using LOGIN Parameters with %n Variables 

Some variables in a login script can be indicated by a percent sign (%) 
followed by a number from 0 to 9. 

When a user logs in, he or she can type additional parameters that the 
LOGIN utility passes to the login script. The login script then substitutes 
these parameters for any %n variables in the login script. These valuables are 
replaced in order by the parameters the user typed when executing the 
LOGIN utility. 

The %0 variable is replaced by the name of the NetWare server the user 
typed at the command line, and % 1 is replaced by the user’s login name. The 
remaining variables change, depending on what the user types when 
executing LOGIN. The %n valuables must precede all command line 
options. 
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The SHIFT login script command allows you to change the order in which 
these %n variables are substituted. For more information about the SHIFT 
command, see “SHIFT” in this chapter. 

The %n variables can be used in WRITE statements if they are included 
within the quotation marks: 

WRITE "My login name is % 1 ." 

Example 

Suppose a login script contains the following commands: 

IF ”% 2" = "SALE S" THEN 
WRITE "Meeting today" 

END 

IF "% 3" = "LEGAL" THEN 

WRITE "Report is due tomorrow" 

END 

If user RON logged in by typing the following command: 

LOGIN COUNT\RON SALES MARKETING 

then the login script would substitute the values Ron entered at the keyboard 
for the %n variables in the login script, as shown here: 

%0=COUNT 

%l=RON 

%2=SALES 

%3=MARKETING 

Since %2 is replaced by “SALES,” the message “Meeting today” is 
displayed on Ron’s screen. However, since %3 is replaced by “Marketing,” 
Ron doesn’t see “Report is due tomorrow.” 
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Examples of Login Scripts 

The following examples of login scripts may help you plan your own 
container, profile, and user login scripts. Each example login script is shown 
in a table. 

The left column of each table shows the commands in the login script. The 
right column explains the command’s puipose. 

For instructions on creating login scripts, see “Creating or Modifying a 
Login Script Using NetWare Administrator” or “Creating or Modifying a 
Login Script Using NETADMIN” in this chapter. 

Default Login Script 

The default login script executes the first time User object ADMIN logs in. 
It also executes for any users who do not have user login scripts. 

You can’t modify the default login script because it is coded into the LOGIN 
utility. Instead, you can create container, profile, or user login scripts. 

Table 5-7 lists the content of the default login script. 


Table 5-7 Default Login Script 


Login Script Command 

Purpose 

MAP DISPLAY OFF 

Prevents map commands from displaying 
on the screen. 

MAP ERRORS OFF 

Prevents mapping errors from displaying on 
the screen. 

MAP *1:=SYS: 

Maps the first drive to volume SYS:. 

MAP * 1:=SYS:%LOGIN_NAME 

Maps the first drive to the user’s home 
directory if LOGIN_NAME is the same as 
the user’s home directory. If the user has no 
home directory, the first drive is still 
mapped to SYS:. 
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Table 5-7 Default Login Script 


Login Script Command 

Purpose 

IF “%1”=“ ADMIN” THEN MAP *1:=SYS:SYSTEM 

If the login name is ADMIN, the first drive 
is mapped to SYS:SYSTEM instead of the 
user’s home directory. 

MAP P:=SYS:PUBLIC 

If the user logs in from an OS/2 
workstation, drive P: is mapped to 
SYS:PUBLIC. 


If the user is not using an OS/2 workstation, 
this drive mapping is not included in the 
default login script. 

MAP INS S1:=SYS:PUBLIC 

MAP INS S2:=SYS:PUBLIC\ 

%MACHINE\%OS\%OS_VERSION 

If the user is using a DOS or Windows 
workstation, the first search drive is mapped 
to SYS:PUBLIC, where DOS-based 

NetWare utilities are stored. 


Then the second search drive is mapped to 
the directory where DOS is stored. (The two 
MAP commands are joined by a 
semicolon.) 


If the user logs in from an OS/2 
workstation, these drive mappings are not 
included in the default login script. 

MAP DISPLAY ON 

Allows MAP commands to display. 

MAP 

Displays a list of all drive mappings on the 
user’s screen. 


Container Login Script 

The container login script should contain as much information as possible 
that applies to all users. An example is shown in Table 5-8. 
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Table 5-8 Sample Container Login Script 


Login script command 

Purpose 

MAP DISPLAY OFF 

Prevents MAP commands from displaying on 
the screen as they are assigned. 

MAP ERRORS OFF 

Prevents mapping errors from displaying on 
the screen. 

MAP *1:=SYS: 

Maps the first drive to volume SYS:. 


MAP * 1 :=SYS:%LOGIN_NAME Maps the first drive to the user’s home 

directory if LOGIN_NAME is the same as 
the user’s home directory. If the user has no 
home directory, the first drive is still mapped 
to SYS:. 


IF “% l’’=’’ADMIN” THEN MAP If the login name is ADMIN, the first drive is 

*1:=SYS:SYSTEM mapped to SYS:SYSTEM instead of the 

user’s home directory. 


IF MEMBER OF “WIN31” THEN 
MAP INS 

* 2:=S YS: US ERS\% LOGIN_N AME\ WIN 31 
MAP INS S16:=SYS:APPS\WINAPPS\WIN31\ 
SET TEMP =“P:\USERS\%LOGIN_NAME\ 
WIN31\ 

TEMP” 

END 


MAP INS S16:=VOL1: APPLYWP 

Maps the next available search drive to the 
directory that contains WordPerfect. 

MAP INS S16:=VOL 1: APPLVLOTUS 

Maps the next available search drive to the 
directory that contains Lotus. 

MAP INS S16:=SYS:EMAIL 

Maps the next available search drive to the 
EMAIL directory. 


If the user who logs in is a member of the 
Group object WIN31, the next available drive 
is mapped to that user’s Windows directory. 
Then the next available search drive is 
mapped to the Windows directory for the 
WIN31 group. Finally, the Windows TEMP 
directory is set to a subdirectory of the user’s 
Windows directory. 
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Table 5-8 Sample Container Login Script 


Login script command 

Purpose 

IF MEMBER OF “MANAGERS” THEN 

MAP *3:=VOLl:PROJECTS\REPORTS 

END 

If the user belongs to the Group object 
MANAGERS, the login script maps the third 
network drive to the REPORTS directory. 

IF MEMBER OF “TESTERS” THEN 

MAP *4:=INPUT:STATUS\UPDATES 

END 

If the user belongs to the Group object 
TESTERS, the login script maps the fourth 
network drive to the UPDATES directory. 

COMSPEC=S 2: COMM AND. COM 

Sets COMSPEC to the DOS command 
processor, located in the DOS directory (in 
the second search drive). 

SET PROMPT=“$P$G” 

Sets the prompt to display the user’s current 
directory path followed by the “>” symbol. 

MAP DISPLAY ON 

Allows MAP commands to display. 

MAP 

Displays a list of all drive mappings. 

WRITE 

Displays a blank line between the list of 
mappings and following lines. 

WRITE “Good %GREETING_TIME, 
%LAST_NAME.” 

Displays a greeting to the user. Example: 

“Good morning, SMITH.” 

WRITE “Your password expires in 
%PASSWORD_EXPIRES days.” 

Displays a message indicating the number of 
days before the user’s password expires. 

FIRE 3 

Makes the phaser sound occur three times to 
tell the user that the login process is complete. 


Profile Login Script 

If you have groups of users with identical login script needs, you can create 
a Profile object, then create a login script for it. Then you can assign each 
user to be a member of that Profile object. 
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Table 5-9 shows an example of a profile login script you might create for 
users in the Profile object ACCOUNTING. This profile login script would 
execute after the container login script had executed. 

Table 5-9 Sample Profile Login Script 


Login script command 

Purpose 

MAP DISPLAY OFF 

Prevents MAP commands from displaying 
on the screen as they are assigned. 

MAP ERRORS OFF 

Prevents mapping errors from displaying on 
the screen. 

MAP INS S16:=VOLl:APPL\DB 

Maps the first available search drive (after 
those assigned in the container login script) 
to the directory that contains the database 
program. 

MAP *5: = VOL1:ACCOUNTS\NEW 

Maps the fifth network drive (after those 
assigned in the container login script) to the 
NEW subdirectory. 

MAP *6:=VOLl:ACCOUNTS\RECORDS 

Maps the sixth network drive (after those 
assigned in the container login script) to the 
RECORDS subdirectory. 

#WSUPDATE SLIPXODI.COM /LOCAL 

Executes WSUPDATE which updates the 
IPXODI.COM file on the user’s workstation 

with a new version of the file located in the 

first search drive. 

MAP DISPLAY ON 

Allows MAP commands to display. 

MAP 

Displays a list of all drive mappings. 

WRITE 

Displays a blank line between the list of 
mappings and following lines. 

IF DAY_OF_WEEK=“FRIDAY” THEN 

WRITE “Weekly progress report is due today” 

FIRE 2 

END 

On Fridays, the phaser sound occurs twice 
to alert the user while the message “Weekly 
progress report is due today” displays on the 

screen. 
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Table 5-9 Sample Profile Login Script 


Login script command 


Purpose 


PCCOMPATIBLE 
EXIT “NMENU WORK” 

If you want a user login script to execute 
after the profile login script, put these lines 
at the end of the user login script instead. 

(DOS workstations with the machine name 
IBM_PC do not need the PCCOMPATIBLE 
line.) 


Stops the profile login script and sends the 
user into a menu program called WORK. 

EXIT also prevents any user login scripts 
from executing. 


User Login Script 

Table 5-10 shows an example of a user login script for user Mary. The user 
login script executes after the container and profile login scripts have 
executed. 

Table 5-10 Sample User Login Script 


Login script command 

Purpose 

MAP DISPLAY OFF 

Prevents MAP commands from displaying 
on the screen as they are assigned. 

MAP ERRORS OFF 

Prevents mapping errors from displaying 
on the screen. 

MAP *7:=VOL1 :MARY\PROJECTS\RESEARCH 

Maps Mary’s seventh network drive (after 
those assigned in the container and profile 
login scripts) to the RESEARCH 
subdirectory in her home directory. 

MAP *8:=VOLl:FORMS 

Maps Mary’s eighth network drive (after 
those assigned in the container and profile 
login scripts) to the FORMS directory. 
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Table 5-10 Sample User Login Script 


Login script command 

Purpose 

REM Mary needs access to FORMS while she’s on the 
REM troubleshooting team. Remove the driver 
mapping REM when Mary is reassigned. 

This remark is intended as a reminder to 
the person who created the login script. 

This remark isn't displayed on the user’s 
screen. (Because the remark is several 
lines long, each line starts with REM.) 

SET WP=”/u-mjr/b-5” 

Sets Mary’s environment variables for her 
word-processing application. 

SET USR=”mrichard” 

Sets Mary’s username (mrichard) for the 
electronic mail program. 

#CAPTURE Q=FAST_Q NB Tl=10 NFF 

Executes the CAPTURE utility so Mary 
can print from non-network applications. 

PCCOMPATIBLE 

EXIT “NMENU TRAINING” 

Stops the user login script and sends the 
user into a menu program called 

TRAINING. (DOS stations with the 
machine name IBM_PC don’t need the 
PCCOMPATIBLE line.) 
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Introduction 

This chapter provides steps on how to create and use menus in NetWare® 
and includes information about the following: 

• How to create, convert, or modify menus 

• How to use the NMENU program 

• NMENU commands 

• How to create new menu files and convert old menu files 
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Creating, Converting, and Modifying Menu Files 

Menus create a simple front end to the users’ working environment. They 
make it easy to access network resources by presenting a list of options 
instead of requiring the user to enter cryptic DOS commands. 

Menus can be shared by multiple users, requiring the creation of fewer 
menus. Or, for the unique requirements of some users, custom menus can be 
easily created as needed. 

In NetWare 4™, NMENU.BAT replaces the MENU.EXE utility included in 
earlier versions of NetWare. The NMENU files are easy to script, require 
less memory, and run faster than did the old MENU utility files. 

Existing menu files from earlier NetWare versions can be easily converted 
for use by the newer NMENU program (see “Converting Old Menu Files” in 
this chapter ). The NMENU utility works on all versions of NetWare 2, 
NetWare 3™, and NetWare 4. 

Because NMENU relies on special files to execute, (and those files that are 
dependent upon a few special commands) this chapter focuses on use of the 
scripting commands that make up a menu file. 

This chapter is organized as follows: 

• Guidelines for planning your menus are located in “Planning Your Menus” in this 
chapter. 

• Commands and their usage are explained in “Using the NMENU Commands” in 
this chapter. 

• Several example programs are given in “Creating a Menu File” in this chapter. 

• Making menus available to users is explained in “Setting Up the User 
Environment” in this chapter. 

• Converting old menu fdes is explained in “Converting Old Menu Files” in this 
chapter. 
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Getting Acquainted with NMENU 

Since the sole function of NMENU is to cause a scripted file to execute, 
there is little to learn about NMENU.BAT except its syntax. The command 
is followed by the menu filename. 

NMENU Syntax 

nmenu filename 

Replace filename with the menu filename. 

What Menus Look Like 

Figure 6-1 shows the display created by a single-window menu with only 
three options. Whether a menu displays one or more windows, the top and 
bottom bars of the screen remain the same. 

The top bar always displays the NMENU version number on the left and the 
day, date, and time on the right. The bottom bar displays the available 
options. 


6-4 



Creating Menus 

Getting Acquainted with NMENU 


Novel 1 Menu System 04.02 Monday August 8, 1994 10:26am 


Title Bar 


A. One 

B. Too 
X. Exit 


F2=Session Information Fl=Help 


Figure 6-1 A Single-Window Menu 

When you create menus with multiple windows, the windows cascade from 
left to right. Window sizing is automatically determined by the content of 
each window. 

What Makes Menus Work 

You create menu files with a text editor and save the file with an .SRC 
extension. Then you use the MENUMAKE program to compile the file. It is 
given a .DAT extension and, as a compiled file, is no longer editable. Any 
edits must be made to the .SRC file and then the .SRC file must be 
recompiled. 

Elements of a Menu 

There are three primary elements to every menu: MENU, ITEM, and EXEC. 
As these elements are expanded and repeated, controlled options are 
displayed within each window. 
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Figure 6-2 shows the .SRC file used to create the menu in Figure 6-1. This 
file shows how these three elements are used. Details about these elements 
and their options are covered later in the chapter. 


Menu 1,Title Bar 

Item One {pause} 

Exec dir 

Item Two {show pause} 

Exec ver 
Item A XExit 
Exec EXIT 

Primary Elements of a Menu 

• Element 1: MENU 

MENU specifies a window within the menu file. It includes a menu number and 
a menu name. The menu name is the title bar for the menu. 

• Element 2: ITEM 

ITEM includes the text the user will see. It is given an indicator letter by default, 
or you can determine the character to precede it. Each option to be displayed in 
the window must be preceded by the word ITEM. 

Some options are available for the ITEM line; these options are discussed in 
“ITEM” in this chapter. 

• Element 3: EXEC 

EXEC is the primary command for the third element. In the menu file shown in 
Figure 6-2, EXEC issues three separate commands: a directory listing, a display 
of the current version of DOS running, and a command to exit the menu. 

Combining the Elements 

Figure 6-3 illustrates a menu with 10 windows, created by including 10 
MENU commands in the same file. Each window is automatically sized and 
cascaded across the screen. 
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Figure 6-3 A Multiple-Window Menu 

Menu Creation Steps 

There are generally six steps to follow when considering a new menu. The 
relationship among steps is shown in Figure 6-4. 



Figure 6-4 Charting the Steps in Creating a Menu 


Procedure Each step in the flowchart is explained next. 
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1 Plan and design your menu. Before starting, answer the following questions: 

• Who is it for? 

• What do the users need access to? 

• Should they have access to a NetWare prompt? 

• Should they be forced to log out when exiting? 

• How complex is the menu? Will it need to be in multiple files? 

2 Use a text editor to create your menu file with an .SRC extension. 

3 Compile the .SRC file with the MENUMAKE program. This will create a .DAT 
version of the file. 

The results of any errors occurring during the compile process, including 
detailed error messages per line of script, are displayed on your screen. Fix the 
errors in the .SRC version of the file according to the error messages, and then 
recompile. 

When you have eliminated all the errors, continue with Step 4. 

4 Run NMENU filename.dat to verify that it does what you expect. 

5 Change the program if needed, as described in Step 3, and then repeat Step 4. 
When Step 4 is successful, go on to Step 6. 

6 Provide access to the intended users by placing the .DAT file in an appropriate 
directory and granting sufficient rights to the users. 

Information on placement of files and required rights is in “Making Menus 
Work” in this chapter. 

Following these six steps can help you learn how to use the scripting 
language and how to manage the menu files you create. 

Use of the NMENU program is almost unlimited. When considering the 
uses for menus, remember that they can be as simple as presenting available 
application programs (see Figure 6-5). 
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Au 

Available Word Processors 


A 


A. WordPerfect 5.1 


B 


B. WordPerfect 6 


X 


C. Word 


Figure 6-5 Example of a Simple Menu 

Menus also can be more complex, such as guiding data entry for cataloging 
(see Figure 6-6). 



Data Entry 



|A. Add Entry to Catalogue 



User Input Requested 


Enter Title 

Enter Author’s Name 

Category: l=Apps, Z=Prod, 3=Self 


Figure 6-6 Example of a More Complex Menu 

The text used to create the four menus shown in this section (Figure 6-1, 
Figure 6-3, Figure 6-5, and Figure 6-6) is included in “Example Menu 
Programs” in this chapter. 

Before you look at how these menus were created, however, you should be 
familiar - with the guidelines for planning menus and also with the scripting 
language rules. 
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Planning Your Menus 

Several considerations are important when planning a menu. Details are 

presented throughout this chapter, but some general rules include the 

following: 

• You must include an EXIT or LOGOUT command in the menu to be able to leave 
the menu. For security reasons, the <Esc> key doesn't work. 

• The maximum number of windows per menu is 11 (1 main window and 10 
sub windows). 

• The maximum number of menus you can define in a single file is 255. 

• The maximum “MENU” name length (title bar) is 40 characters. 

• The maximum number of “ITEM” lines per window is 12. 

• The maximum width of each window “ITEM” is 40 characters. 

• The maximum text fde width is 78 characters. 

• The main menu must be at the beginning of the .SRC file. 

• Submenus defined in the same fde are called with the SHOW command by menu 
number. 

• Menus in separate fdes are called as submenus, by menu name, with the LOAD 
command. 

• If a command wraps to another line, you should type a plus sign (+) at the end of 
the line and continue the command on the next line. 

• Menu colors are determined by the settings in the COLORPAL utility. See” 
COLORPAL” in Utilities Reference. 
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Table 6-1 


Using the NMENU Commands 

Menu programs use two types of commands: organizational and control. The 
following sections describe these commands and their options. 

NMENU Organizational Commands and Options 

Organizational commands establish the content and organization of the 
menus the user sees on the screen. Use these commands to determine what 
the menus look like. 

Table 6-1 gives an overview of the organizational commands. Detailed 
information about each command follows the table. 


NMENU Organizational Commands 


Command 

Explanation 

MENU 

Marks the beginning of a new menu or submenu screen in 
the text. 

ITEM 

Identifies an item to be listed on the menu. Specifies 
execution parameters. 

MENU 


Indicates a new window definition within your menu file. 

Command Format 

MENU menu_number,menu_narae 

Replace menu_number with the number you want to assign to this menu. 
Menus are called and displayed by their number. 

A menu number can be any number from 1 through 255. Each menu within a 
source file must be assigned a unique number, but the number sequence 
doesn’t matter. 

Replace menu_name with the title you want to appear at the top of the menu. 
Menu names can be a maximum of 40 characters long. 
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Using MENU 

The first menu defined in the source file is always the first menu displayed, 
no matter what number is assigned to it. Subsequent menus are referenced 
by their numbers, no matter what order they appeal - in the .SRC file. 

For example, if you have defined three menus and assigned them numbers 1, 
2, and 5, and menu 5 is the first menu in the source file, menu 5 is displayed 
first. Menus 1 and 2 are referenced in control commands and displayed 
depending upon user selection. 

Example 

To define a main menu for a program to be used by accountants in your 
company, type a line similar to the following: 

MENU 1,Accounting Main Menu 

Since this is the first menu you want to appear, place it at the beginning of 
your menu program. 

ITEM 

Indicates an option in the menu. 

Command Format 

ITEM item_name { [option. . . ] } 

Replace item_name with the list item you want to appear in the menu. The 
maximum length for an item is 40 characters. 

Replace option with one or more of the options shown in Table 22. Separate 
multiple options with a space. Enclose all options for a single ITEM within a 
single set of braces. 

These options provide you with better control of menu execution. You 
determine how memory is used, which directory the user remains in, and 
what information is presented to those users. 
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Table 6-2 


ITEM Command Options 


ITEM option 

Explanation 

BATCH 

Removes the menu program from memory before 
executing the item. 


Without this option, a portion of the memory 
stays resident, requiring approximately 32 KB of 
available memory, even though an application 
may be running. 


For example, if you type 


ITEM Word 5.0 {BATCH} 


the menu program is removed from memory 
when Word 5.0 is executed. 


Setting this option automatically sets the CHD1R 
option. Do not use this command with the EXEC 
DOS command; use EXEC CALL. 


For more information, see “EXEC” in this 
chapter. 
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ITEM Command Options 


ITEM option 

Explanation 

CHDIR 

When the word-processing application is closed, 
the directory is changed to the original directory 
for the menu. 

Changes back to the drive and directory that were 
in effect before an ITEM was executed. 

For example, to change back to the drive and 
directory the user was in before executing a 
word- processing application in another 
directory, type 

ITEM Word 5.0 {CHDIR}. 

PAUSE 

Allows users to read messages associated with a 
command being executed from the menu by 
pausing the screen display. 

The message “Press any key to continue” is also 
displayed, and the screen does not change until a 
user presses a key. 

For example, to display a message when a user 
selects the item “DOS Copy” from the menu, 
include this line: 

ITEM DOS Copy {PAUSE} 

When the copy function is complete, the display 
waits at the “Press any key...” prompt for a key 
to be pressed before returning to the menu. 

SHOW 

Displays the command name, such as COPY or 
DIR, in the upper left corner of the screen. 

For example, if you type 

ITEM Copy Files {SHOW} 

the DOS command COPY is displayed when the 
item is executed. 


Using ITEM 
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List items appeal - on the menu in the same order as they appear in the source 
file. They are not displayed in alphabetical order. 

Each item is automatically assigned an alphabetic selection character. 

If you want to assign a different character, place a carat ( A ) and the character 
you want in front of the item name (no spaces). 

NOTE: Forcing the selection character shortens the maximum line length to 38 characters. 

If you assign any selection letters, you should assign a letter to all menu list 
items. Otherwise an item may be automatically assigned a letter you 
assigned previously. 

Example 

For example, if the first menu item is “Word Processing” and you want to 
assign it the letter “W” instead of the automatic letter designation of “A,” 
type 

ITEM A WWord Processing 

NMENU Control Commands and Options 

Control commands tell NMENU how to perform an action, such as 
displaying a submenu or user prompt, performing a DOS function, or 
starting an application. You also use these commands to tell the menu 
program how to process information and execute commands. 

Table 6-3 gives an overview of the control commands. Detailed information 
about each command follows the table. 

Table 6-3 NMENU Control Commands 


Command 

Explanation 

EXEC 

Executes a DOS or NetWare command following an ITEM 


statement. 

SHOW 

Displays a submenu from the same .DAT file. 

LOAD 

Calls and displays a menu as a submenu from a different 
.DAT file than the one you are running. 
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NMENU Control Commands 


Command 

Explanation 

GETO 

Requests information from the user before a menu item is 
executed. User input is optional. (See “GETx (GETO, 

GETR GETR)” in this chapter.) 

GETP 

Requests information from the user before a menu item is 
executed. User input is required for the program to proceed. 
Assigns a variable (%n) to the information so it can be used 
again. (See “GETx (GETO, GETP, GETR)” in this chapter.) 

GETR 

Requests information from the user before a menu item is 
executed. User input is required for the program to proceed. 
(See “GETx (GETO, GETP, GETR)” in this chapter.) 

EXEC 


Instructs NMENU to perform the command that follows EXEC. 

Command Format 

EXEC command 

Replace command with the command required to execute the ITEM. This 
could be the name of an executable file, a DOS or NetWare command, or 
one of the options associated with EXEC. The EXEC options are described 
in Table 6-4. 


EXEC Command Options 


EXEC option 

Explanation 

EXEC CALL 

Runs a batch file and returns to NMENU. If you want 
to return to NMENU after a batch file executes, use this 
command to call batch files. 

EXEC DOS 

Runs the DOS command processor. If this command is 
used, the menu user must type “EXIT” when DOS 
processing is completed in order to return to NMENU. 
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Table 6-4 


EXEC Command Options 


EXEC option 

Explanation 

EXEC EXIT 

Exits the user from NMENU, but leaves the user 
logged in to NetWare. For security reasons, users 
cannot access the NetWare prompt unless this 
command is included in the menu. 

EXEC 

LOGOUT 

Exits the user from NMENU and logs the user out of 
the network, leaving the user at the DOS prompt. (See 
“Setting Up the User Environment” in this chapter.) 

Using EXEC 


EXEC must follow the ITEM to which it applies. It must also follow other 
control commands needed by ITEM. 

Example 

To load Word®5.0 from a menu, include in the menu file the two following 
lines: 

ITEM Word 5.0 
EXEC Word5 

LOAD 

Instructs NMENU to execute a separate menu file. 

Command Format 

LOAD filename 

Replace filename with the name of another NMENU program. 

If you have several menu programs created with the .DAT extension, use this 
command to call another menu program from the active menu program. 
LOAD always calls menus by their filename, not by number. 

Using LOAD 

Use this command when you have multiple menu programs defined. 
Although you can define up to 255 menus per source file, smaller separate 
files are easier to manage and update. 
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The NMENU file being loaded must be in the current directory, or you must 
have a search path to the file defined. 

Example 

If you are writing a menu program for Sales and you want to call up the 
Accounting menu program, type 

MENU 1,Sales Main Menu 
ITEM Accounting Menu 
LOAD ACCOUNT 

SHOW 

Instructs NMENU to execute a submenu defined within the same file. 

Command Format 

SHOW menu_number 

Replace menu_number with the number of the submenu to be displayed. 
Using SHOW 

Include SHOW commands to identify the submenu to be displayed when an 
item is selected from a menu. 

SHOW commands always use menu numbers, not titles. 

Example 

If you have a menu with items listing categories of applications such as 
“Word Processing” and “Spreadsheets,” each ITEM has the following 
SHOW commands to call up the appropriate submenus for those categories: 

ITEM Word Processing 
SHOW 3 

ITEM Spreadsheets 
SHOW 5 

To continue this example, if menu “3,Word Processing” is a list of available 
word processing programs needed by both Sales and Accounting, and each 
group has its own menus defined, the programs can “share” that screen and 
the screen’s calls to execute the applications. 
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GETx (GETO, GETP, GETR) 

The GETx commands provide access to user input. You can request or 
require user input. You can even store user input for future use. Each 
variation of the GETx command uses the same parameters to control what 
the user sees and does. Pay close attention to the use of spaces, commas, and 
braces { }. 

Command Format 

GETx prompt {prepend} length,[prefill], {append} 

Replace x with the letter “O,” “R,” or “P.” 

• If you want the user to decide whether to enter information, use GETO. 

• If you want to require the user to enter information (such as a password), use 
GETR. 

• If you want user input to be used by more than one EXEC command after it is 
entered, use GETP. The information is assigned a variable (such as %1, %2, etc.). 

Replace prompt with the text (instructions) to be displayed to the user (40 
characters maximum). For example: “Enter your Password.” 

Prepend is a value added to the beginning of the user response. A space is 
usually required in the first GETx command to separate it from the 
command issued in its associated EXEC command. 

Replace length with the maximum number of characters the user can enter. 
This parameter is required. For example, if you use GETR for a phone 
number, limit the length to 11 characters to match the field length for the 
phone number. Or if you want a state or country abbreviation entered, limit 
the length to two characters. 

Replace prefill with a default response displayed with the prompt. The user 
can accept the default, change the response by typing over the default, or 
cancel selection of the item. Prefill cannot be longer than the specified 
length. 

The prefill parameter is optional. If you do not want to include a default 
response, enter the two commas together. (See the GETx examples on the 
following page.) 

Append is the value added to the end of the user response. If no value is 
needed, enter braces with a blank space between them. 
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NOTE: Append does not work with GETP. 


Using GETx Interactive Commands 

Following are some general guidelines on the use of the GETx commands. 

• You must define commands for each menu ITEM separately. 

• Enter commands between the ITEM and the EXEC command(s) associated with 
the ITEM. 

• Enter the commands in either uppercase or lowercase. 

• Limit each prompt to one line. 

GETx Command Examples 

• Assume that you want to require users to enter a project code to keep track of 
work performed for that project. Type the following: 

GETR Please enter the project code: { } 08,, { } 

GETR Please enter your password: {} 08, , { } 

GETO Load default macros? { } 01, , { } 

• To get input for a program that calculates mortgages, using GETR, type 

GETR Enter the loan amount: { } 7,,{ } 

GETR Enter the interest rate: { } 5,8.5, { } 

GETO Enter the period (/m=months or /y=years):+ 

{ } 7,/y=30, { } 

EXEC mortgage 

The input values are appended to the “EXEC mortgage” command before it is 
executed. 

• To create the previous program using GETP in place of other GET commands, 
type 

GETP Enter the loan amount: { } 7,, { } 

GETP Enter the interest rate: { } 5,8.5, { } 

GETP Optional-Enter the period (/m=months or+ 

/y=years) : { } 7,/y=30, { } 

EXEC echo %1 

EXEC echo %2 

EXEC echo %3 
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EXEC mortgage %1 %2 %3 
EXEC pause 
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Creating a Menu File 

Prerequisites 

• A workstation running DOS 3.30 or later 

• The Read, File Scan, Write, Create, and Erase filesystem rights to the directory 
where you will create and edit the menu 

• A DOS text editor 


Example Menu Programs 

Study the following examples by creating and trying them. By entering, 
executing, and debugging each example, you will gain understanding 
necessary to use the scripting language effectively. 


NOTE: In the following examples, indents are used to help readability; they are not required. 

The examples include those script files used for the menus in Figure 6-1, 
Figure 6-3, Figure 6-5, and Figure 6-6. Subsequent examples show other 
ways of using the NMENU scripting language. 

Example 1: Single-Window Menu 

The text in the following figure is used to create the menu in Figure 6-1. 

Menu 1, Title Bar 

Item One {pause} 

Exec dir 

Item Two {show pause} 

Exec ver 
Item '"'XExit 
Exec EXIT 

Figure 6-7 Single-Window Menu Script 

Example 2: A Simple Menu 

Text from the .SRC file used for the menu in Figure 6-5 is shown in the 
following figure. This menu demonstrates how submenus can be used. 
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Figure 6-8 


Figure 6-9 


Menu 5,Available Applications 
Item Word Processors { } 

Show 10 

Item Spreadsheets { } 

Show 15 

Item A XExit Menu { } 

Exec EXIT 

Menu 10,Available Word Processors 
Item WordPerfect 5.1 
Exec wp51 

Item WordPerfect 6 
Exec wp6 
Item MSWord 
Exec Word 

Menu 15,Available Spreadsheets 
Item Quattro Pro 
Exec Q 

Item Lotus 123 
Exec 123 

A Simple Menu Script 
Example 3: A More Complex Menu 

The menu in Figure 6-6 was created from the text file in the following figure. 
This menu incorporates the GETR command with simple DOS functionality. 


menu 22,Data Entry 

item A AAdd Entry to Catalogue {show} 
getr Enter Tile { } 40,, {, } 

getr Enter Author's Name 1} 40,, {, } 

getr Category: l=Apps, 2=Prod, 3=Self {} 1,, {,} 
exec echo >>datalist.cat 
item A View Catalogue {pause} 

exec sort <datalist.cat I more 
item ''Instructions {pause} 

exec type instruct.cat I more 
item A XExit the menu 
exec EXIT 

A More Complex Menu Script 

As this menu script shows, by combining regular DOS commands with 

special NMENU conventions you have a simple means of organizing data. 

You don’t need a database program just to catalog some information. 
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Example 4: Combining DOS and NetWare Commands 

Users can accomplish more work when access to DOS and NetWare 
functionality is combined in the same menu, as shown in Figure 6-10. 


Menu 01,User Options 
Item Utilities 
Show 10 

Item DOS Prompt 
Exec DOS 

Item Log out of the network 
Exec Logout 
Menu 10,Utilities 

Item '"lNetWare Menu Utilities 
Show 12 

Item A 2NetWare Command Line Utilities 
Show 14 

Menu 12,NetWare Menu Utilities 
Item NETADMIN {Batch} 

Exec netadmin 
Item FILER {Batch} 

Exec filer 
Item NETUSER {Batch} 

Exec netuser 

Menu 14,NetWare Command Line Utilities 
Item NLIST {show} 

Geto Class & Option: { } 25,user /a, {} 

Exec nlist 

Item COPY Files {pause} 

Getp Enter Source { } 25,, {} 

Getp Enter Destination { } 25,, {} 

Exec ncopy %1 %2 
Exec dir %2 /w 

Item Display a MAP listing {show pause} 
Exec map 


Combining Commands in a Script 
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Making Menus Work 

Now that you have working menus, you must make them available to your 
users. Following is a list of rules for usage. 

• You must create a search drive to the directory where the menu files exist. Search 
mappings can be created in container, profile, or user login scripts. 

• Users must have at least Read and File Scan rights to the directory where the 
menu files exist. 

• NMENU uses temporary files. You must create a permanent drive mapping 
assignment to a directory where the temporary files will be used. 

• Users must have at least Read, File Scan, Write, Create, and Erase rights to the 
directory where the temporary files will be stored. 

You can simplify management of the menu system by keeping all menu files 
in one place, such as SYS:MENUS. Menus are even easier to manage if the 
temporary files are kept in one place, such as SYS:MENUS\TEMP. 

Setting Up the User Environment 

If you are storing users’ temporary files in a network directory, place the 
following commands in the login script: 

SET S_FILEDIR= 

SET S_FILE = 

For example, if you have created a subdirectory called TEMP under a 
MENUS directory, you would type 

SET S_FILEDIR="Z:\\MENUS\\TEMP\\" 

SET S_FILE="%STATION" 

These commands point to the directory where temporary files are stored and 
create unique files in the temporary directory for each workstation ID 
number. The hailing backslash on the S_FILEDIR path is required. 
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NOTE: If you choose not to use the %STATION identifier variable, you must manually 

create a file with a maximum length of seven characters. The NMENU program 
automatically prepends the # symbol to the beginning of the S_FILE filename. 


If the user will be using a menu with the logout option, set the S_FILEDIR 
environment variable to a path on the user’s local drive. Set the S_FILE to 
“%STATION.” 

A copy of the MENU-X.BAT file needs to be in the SYS:LOGIN directory if 
the NMENU LOGOUT option is going to be used. 

EXEC LOGOUT gives the message “Batch file not found” unless the 
temporary directory is on a local drive and MENU_X.BAT is in the LOGIN 
directory. 

Starting NMENU from a Login Script 

If you want the menu to execute from within a login script, add the EXIT 
login script command. For example, to execute the ACCOUNT menu from a 
user’s login script, add the following line to the login script: 

EXIT "NMENU ACCOUNT" 


6-26 




Creating Menus 

Converting Old Menu Files 


Converting Old Menu Files 

Use this procedure to convert an existing MENU file (created with an earlier 
version of NetWare) to an NMENU file. These older menu programs usually 
have the extension .MNU. 

Procedure 

1 Create a directory for the new menu files and temporary files. 

If you want to use the directories you already have set up for menu programs, 
you do not need to create new ones. 

2 Change the old .MNU file to the new .SRC source file format with the 
MENUCNVT command. Complete the following steps. 

a At the workstation command line, type 

MENUCNVT menu_name.mnu 

Replace menu_name with the name of the old menu you want to convert. If 
the menu is not in your current directory, enter the complete path to the 
menu name. 

The program creates a new .SRC file, leaving the original .MNU file 
unchanged. 

b Edit the new menu source file. 

You will probably need to edit the new file to eliminate incorrect commands. 
For example, if your original MENU file used the SYSCON command, you 
must remove it from your new NMENU file and replace it with an 
appropriate NetWare 4 command (such as NETADMIN or NETUSER). 
NetWare 4 does not use SYSCON. 

There can be substantial differences between the original .MNU file and the 
converted .SRC file. MENUCNVT resolves most differences, but not all of 
them. Some typical entries requiring manual changes include the following: 

• Invalid commands such as SYSCON 

• Preceding letters or numbers from the old menu 

• Conversion of former @1, @2, etc., variables into the newer GETP 
variables 
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3 Follow the same six steps explained in “Menu Creation Steps” in this chapter. 

Example 

To help you see the differences between MENU and NMENU files. Figure 
6-11 shows a part of the file for the menu in Figure 6-3. 

The figure shows both the .MNU and the unedited .SRC file formats. They 
are shown side-by-side to help you make the comparison. 

The “After Conversion (.SRC)” side has not yet been edited. Try to find 
changes to make the file execute properly and efficiently. Look for 
commands that are no longer supported in NetWare 4 and replace them with 
appropriate commands. One example is SLIST, which must be replaced with 
NLIST SERVER. 

If you create your own file to test the .SRC file, remember to create some 
text file(s) to be displayed by the TYPE command. 


Before Conversion (.MNU) 

%Questions Questions Questions!,12,20,2 

1. Who Am I? 

whoami 

pause 

2. Where Am I? 

type where.txt 
pause 

3. Am I Alone? 

userlist 

pause 

4. What Am I Doing Here? 

type what.txt 
pause 

5. What Can I Do? 

%Your Choice 

6. What Next? 

%What Next 


After Conversion (.SRC) 

MENU 01,Questions Questions Questions! 

ITEM Who Am I? { } 

EXEC whoami 
EXEC pause 

ITEM Where Am I? { } 

EXEC type where.txt 
EXEC pause 

ITEM Am I Alone? { } 

EXEC userlist 
EXEC pause 

ITEM What Am I Doing Here? { } 

EXEC type what.txt 
EXEC pause 

ITEM What Can I Do? { } 

SHOW 02 

ITEM What Next? { } 

SHOW 03 


Figure 6-11 Conversion Scripts 
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(continued) 

Before Conversion (.MNU) After Conversion (.SRC) 


%Your Choice,5,50,4 

A. Quit 

leave.bat 

B. Try Again 

%Utilities 

C. Experiment 

%Demo 


MENU 02,Your Choice 
ITEM Quit { } 

EXEC leave.bat 
ITEM Try Again { } 
SHOW 06 

ITEM Experiment { } 
SHOW 07 


%Demo,12,40,1 

1. CHOICE 1 

%Utility 

2. CHOICE 2 

%Variety 

3. CHOICE 3 

%TalkToMe 

4. CHOICE 4 

%Beyond 


MENU 07,Demo 

ITEM CHOICE 1 { } 
SHOW 08 

ITEM CHOICE 2 { } 
SHOW 09 

ITEM CHOICE 3 { } 
SHOW 10 

ITEM CHOICE 4 { } 
SHOW 11 


%Beyond,20,75,5 
MOVE ABOUT 

%Pop_up_l 
THE OUTSIDE WORLD 
slist 
pause 


MENU 11,BEYOND 

ITEM MOVE ABOUT { } 

SHOW 12 

ITEM THE OUTSIDE WORLD { } 
EXEC SLIST 
EXEC PAUSE 


%Pop_up_l,24, 10, 6 
MOVE ABOUT 

%Pop_up_2 


MENU 12,Pop_up_l 

ITEM MOVE ABOUT { } 
SHOW 13 


%Pop_up_2,19,30,1 
MOVE ABOUT 

%Pop_up_3 


MENU 13,P op_up_2 

ITEM MOVE ABOUT { } 
SHOW 14 


%Pop_up_3,1,1,2 
MOVE ABOUT 

%Pop_up_4 


MENU 14,P op_up_3 

ITEM MOVE ABOUT { } 
SHOW 15 


%Pop_up_4,8,60, 3 
MOVE ABOUT 

%Pop_up_5 


MENU 15,P op_up_4 

ITEM MOVE ABOUT { } 
SHOW 16 


%Pop_up_5,12, 4,4 
MOVE ABOUT 

%Pop_up_6 


MENU 16,P op_up_5 

ITEM MOVE ABOUT { } 
SHOW 13 


%Pop_up_6,12,78,5 
MOVE ABOUT 

type theend.txt 
pause 


MENU 12,Pop_up_6 

ITEM MOVE ABOUT { } 

EXEC TYPE THEEND.TXT 
EXEC PAUSE 
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Introduction 

NetWare® 4.1/9000 Services is an implementation of NetWare 4®. Because 
NetWare Services resides on a HP-UX server, it becomes many processes of 
UNIX®. 

This chapter describes specific features of NetWare Services, as well as tasks 
you can perform in the NetWare® 4.1/9000 environment, and includes the 
following: 

• How to set up and manage NetWare volumes 

• How to monitor NetWare server errors using the server error log file 

• How to manage a NetWare server: starting and stopping the server, enabling 
logins, and configuring your LAN driver 

• How to set up and configure IPX™ and SPX™ 

• How to keep the network secure 

• How to manage server time synchronization 
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Managing NetWare Volumes 

This section describes volumes in the NetWare® 4.1/9000 environment and 
how NetWare imposes the concept of volumes on NetWare® HP 9000 
server. It also describes how to set up and manage NetWare volumes within 
the NDS tree. 

NetWare® 4.1/9000 supports multiple filesystem types (FSTypes such as 
vxfs. ufs, s5, and so on). NetWare Services provides these interface types: 

• Standard allows NetWare volumes to be configured on top of virtually any 
NetWare® 4.1/9000 file system that supports long filenames. 

• CD-ROM allows CD-ROMs to be accessed as NetWare volumes. 

• NFS-mounted volumes allow NFS filesystems to be mounted as NetWare 
volumes. 

Common characteristics of implementations described in this section. 

The primary tools you use in NetWare Services for filesystem management 
are located in the SAM utility accessible from the server console. 

Standard Volumes 

A Standard volume uses a control directory that contains a NetWare 
usinodes file to store NetWare and client-specific information. It also 
contains a per-volume database to store NetWare trustee assignments. The 
NetWare® 4.1/9000 file system stores the actual data files. 

The Standard file system must synchronize information in the NetWare 
usinodes file with that in the NetWare® 4.1/9000 filesystem. Changes made 
by HP 9000 users are reflected in the usinodes file by synchronization 
operations. 

Standard volumes have the following features: 

• The volume mount point specified by a path into the NetWare® 4. l/9000file 
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system. 

• They use a NetWare usinodes file to maintain NetWare information. 

• They use an extended names file for the following: 

• Names longer than 27 characters 

• OS/2* names longer than 100 characters 

• Directory paths longer than 92 characters 

• They use a NetWare database to maintain trustee assignments and modifications 
to Inherited Rights Filters (IRF). 

• NFS*-accessible files can be included. 

• They support symbolic links, although these links are not recommended. 

• Synchronization with the HP 9000 file system is controlled by volume variables. 


CD-ROM Volumes 

A CD-ROM volume uses a NetWare usinodes file to store NetWare and 
client-specific information. These volumes can be created by using SAM on 
the server console. You can read files that exist on a CD-ROM volume, but 
you cannot write to it. 

CD-ROM volumes have the following features: 

• The files are set to Read-Only. 

• “UNIX File Access Control” mode is also set. Trustees cannot be established in 
this mode. 

• The NetWare trustee rights are always Read and File Scan. The attributes Delete 
Inhibit, Read-Only, and Rename Inhibit are also established. 

• You can change to another CD-ROM while the server is running. To do this, 
however, you must unmount your CD-ROM. This can be done with umount on 
the HP 9000 command line (see “Mounting and Unmounting NetWare 
Volumes” in the System Owner Handbook). You can also select “Disks-etc” to 
mount the new CD-ROM. When a new CD-ROM is replaced, the information is 
also replaced. 
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NOTE: When changing CD-ROM disks, ensure that you have followed the proper HP-UX 

rules for unmounting and remounting a disk. (See “mount” in the Command 
Reference for more information.) 


NFS-Mounted Volumes 

An NFS-mounted volume gives you access to NFS file systems. 

To mount a NetWare Services volume (B) using NFS, a user on the NetWare 

server (B) cannot write to the base volume (A) unless 

• NFS is set up so that nwroot on the NetWare server (B) can write to the base 
directory on the original server (A), or 

• hybrid_setuid_enabled is set to ON (see “Setting Up a Hybrid User” in chapter 
3). This allows hybrid users on the NetWare server (B) to write to files or 
directories in the base volume (A) so that it appears that a hybrid user is accessing 
the base volume (A) and not the NetWare server which runs as nwroot. 


Interdependencies between Partitions and NetWare Volumes 

HP-UX is a hierarchical file system; as with NetWare the top of the tree is 
called the root node and labeled as /. A file system is mounted at a particular 
NetWare® 4.1/9000 directory at or below root and appears as directories to 
the users. 

NetWare uses a modified hierarchical file system, with multiple root nodes 
called volumes. Each volume has its own tree structure, and users must 
switch volumes to access the volume’s resources. Figure 7-1 illustrates the 
topological differences between the NetWare and HP-UX file systems. 

For security reasons, files that control operation of theHP-UX system should 
not be included in a NetWare volume. 
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Figure 7-1 NetWare Volumes Compared with the HP-UX File System 

Because HP-UX has no concept of a “volume,” NetWare volumes become 
paths to a particular point in the HP-UX file system. In Figure 7-1, root 
directories /sys, /home, and /work become NetWare volumes by specifying 
the path in the NetWare Services voltab file through SAM. 

NetWare supports a maximum of 64 volumes, and NetWare Services allows 
the 64 volumes. 

Volume Statistics and Partitions 

Because NetWare Services volumes are paths into the HP-UX file system (/), 
they are dependent upon the HP-UX file system for partition statistics. 

In the example in Figure 7-1, the HP-UX file system has only one file system 
but three NetWare volumes. Each volume reports the same amount of disk 
space for the HP-UX partition. 

This is quite different from native NetWare. The native NetWare file system 
allows the NetWare partition to be segmented (SYS:, HOME:, and WORK:), 
and these segments are then assigned to volumes. Volume statistics reflect 
the actual disk space that has been assigned exclusively to the volume. 

NetWare Services can mimic this behavior if the HP-UX file system is 
configured to accommodate NetWare. Figure 7-2 illustrates one method for 
configuring the file system. 
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• Mount points for partitions and HP-UX file systems 
X Paths to NetWare Services volumes 


Possible Volume Configuration 

If the HP-UX file system is configured so that file system mount points 
coincide with paths to NetWare Services volumes, NetWare volume 
statistics will be accurate. 

In Figure 7-2, volume SYS: corresponds to the mount point for Disk 0, 
Partition 2. Volume WORK: corresponds to the mount point for Disk 1 
(which has one partition). 

Disk 3 is a remote disk and is mounted at the root. It is not a NetWare 
volume, but it can become one if a path is specified in the NetWare Services 
voltab file. It also can become part of a NetWare volume if it is mounted in a 
volume subdirectory, for example under /nwuvols/work/bob. 

If Disk 3 is mounted at bob, NetWare users can expect the following 
behavior: 

• The volume statistics for volume WORK: will not include any information about 
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the remote partition. 

• As NetWare users access directories below bob, directory statistics will reflect 
the statistics for Disk 3. 

Volume Configuration Parameters 

NetWare volumes use some variables in SAM that are global to the server— 

for example, the maximum number of volumes. The NetWare configuration 

files also support variables that are generic to all volume types, as well as 

variables that are specific to a particular volume type. 

The following variables apply to all volume types: 

• Number specifies a number from 0 to 63. Volume SYS: is always 0. The nwvm 
library assigns the first available number. 

• Name specifies the name that NetWare clients use to access the volume. The first 
volume must be named SYS:. System administrators must supply a name for all 
other volumes which may be the same as or different from the HP-UX directory 
name. 

Names must be from 2 to 15 characters long; NetWare 4 conventions prepend 
the server name to the volume name. 

• Type specifies whether the volume is a Standard or CD-ROM volume. 

• Mount point specifies the path, from root, to the directory where the volume 
begins. 

• Control path specifies the location of the volume’s trustee database files. For 
Standard, the control path specifies the location of the volume’s usinodes file, the 
extended names file, and the last mount log. 

• Name spaces specifies the client types the volume will support. System 
administrators configure each volume for additional name spaces (OS/2). DOS 
and UNIX name spaces are always supported. 

• Option strings contain read-only file systems, maximum open files, file access 
control, and volume options. 
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Volume Utilities 

You can use the System Administration Manager (SAM) to specify a 
volume’s mount point, control point, attributes, and security mode. You can 
also add, delete, and modify volumes using SAM. 
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Managing Server Hard Disks 

This section describes how to determine available disk space and how to add 
a hard disk to a NetWare server. 

Checking Available Disk Space 

You should monitor available disk space regularly and keep a log to track 
disk usage over time. This information helps you make the best use of your 
disk-space management options, such as adding a new hard disk. 

On HP-UX, you can type df at the command line in a “Terminal” window. 
You can perform this task from your DOS client using the FILER text utility. 
See your Window documentation for information on how to check disk 
space on your Windows workstations. Note the information discussed earlier 
on how NetWare reports disk space. 

Adding a Hard Disk to a NetWare Server 

Additional hard disks can be added to your machineon HP-UX. See your 
HP-UX documentation for more information. To add a volume to your 
server, use the System Administrator Manager (SAM) at the server console. 
See “Maintaining Volumes”above in this chapter. 
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About NetWare Networking Protocols 

The following information provides an overview of IPX and NetWare 
protocols. If you are familiar with IPX and you now want to configure IPX 
from the server console, skip to chapter 1 in the NetWare 4.1/9000 
Installation and Administration Guide. 


NetWare Protocol Overview 

The IPX protocol is the main protocol used to transfer data from your HP- 
UX system to a NetWare server. 

This section provides a description of the protocols that make client-server 
communications possible on NetWare networks. It explains packet 
structures defined by each protocol. It also describes how workstations, 
routers, and file servers transmit or receive packets. 

If you plan to configure NetWare at the HP-UX server console, you need a 
basic understanding of the NetWare protocols. 

Most computer networks require information that is transferred between two 
nodes (workstations or servers) to be broken up into blocks, called packets. 
Sending information with packets makes a transfer between nodes and any 
intermediate nodes (bridges or routers) more manageable. In addition, each 
packet contains control information used for error checking, addressing, and 
other puiposes. The protocols used on the network define the content of this 
control information. 

In most cases, multiple protocols exist within a packet; each protocol defines 
a different portion of the control information for the packet, and the control 
information for each protocol serves a different puipose. When multiple 
protocols are used, the control information for the highest level protocol is 
first placed around the data, then the control information for each subsequent 
protocol in the protocol stack is added to the beginning or end of the packet. 
This is called enveloping. 

To standardize the definition of protocols, several standards organizations 
were formed by governments and corporations. One of these groups, the 
International Standards Organization (ISO), has developed a model called 
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the Open Systems Interconnection (OSI) model. This model specifies how 
protocols should be defined in the future. The OSI model separates the 
functions required for effective computer communications (such as error 
checking and addressing) into the following seven catagories or layers. 
These layers are Application, Presentation, Session, Transport, Network, 
Datalink, and Physical. 

The protocols used by NetWare do not all correspond exactly to the OSI 
model definitions. NetWare uses a variety of protocols. Some were 
developed specifically for NetWare; some are used throughout the 
networking industry. The protocols required for communications between 
NetWare workstations and file servers are as follows: 

• Medium-access Protocols (MAC) provide bit-level (0,1) enor checking. 

• IPX provides the best connectionless transport. 

• SPXII provides a guaranteed delivery, session-oriented transport. 

• Routing Information Protocol (RIP) maintains routing information and provides 
routing services to IPX. 

• Service Advertising Protocol (SAP) provides dynamic service advertising on the 
network. 

• NetWare Core Protocol™ (NCP™) defines connection control and service 
request encoding for client/server interaction. 

Medium-Access Protocols (MAC) 

MAC protocols (such as 802.5 Token-Ring or 802.3 Ethernet) provide bit- 
level error checking through cyclic redundancy checking (CRC). This CRC 
which is added to every transmitted packet, assures that 99.9999 percent of 
the packets received are corruption free. 

MAC protocols define the addressing for each node on a NetWare network. 
This addressing is provided by each network interface card. 

Internetwork Packet exchange (IPX) 

The IPX protocol is a datagram, connectionless protocol that does not 
require an acknowledgement for each packet sent. Other NetWare protocols 
such as SPXII, SAP, RIP, and NCP are built on top of IPX. 
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The IPX protocol provides both IPX services and RIP services. As LAN 
drivers deliver packets to IPX, the IPX driver uses RIP to determine the 
route for packets outbound to other networks. Packets addressed to a local 
host are routed by IPX to the applications. 

When setting up NetWare from the HP-UX server console, you will need to 
configure your IPX internal LAN address and maximum hops, plus other 
information. See “Managing NetWare Protocols” and “Managing the 
Server” later in this chapter or the Command Reference for more 
information. 

IPX Addressing IPX delivers packets using a 12-byte network address, 
which consists of three address components: 

• Network address (4 bytes). Identifies a specific logical network or LAN on an 
IPX internetwork; all NetWare servers, routers and clients cabled to this segment 
with a common frame type must use the same network address. 

• Node address (6 bytes). Identifies the individual nodes on the network. The 
factory-defined IX number on the NIC usually defines node addresses for client 
workstations. Server machines can have a logical node address. 

• Socket address (2 bytes). Identifies processes or functions within a node. The 
destination for a packet is the socket address. 

The following example illustrates an IPX address (it is usually represented 
in hex bytes). The address 01010393.0123456789ab.0451 represents the net, 
node, and socket as in the following: 


01010393. 0123456789ab. 0451 

Net Node Socket 


Sequenced Packet exchange (SPXII) 

The SPXII is a connection-oriented, reliable, sequenced transport protocol. 
This protocol provides message-level service (for reliability) rather than 
packet-level service. 

SPXII also provides flow control which regulates the speed with which 
packets are sent and received by both sending and receiving processes. 


7-13 




Maintaining the NetWare Server 

About NetWare Networking Protocols 


As a message service, SPXII provides enhanced throughput. This protocol 
reduces the amount of traffic on the wire by negotiating for large packets and 
reducing the number of acknowledgements. 

Applications using SPXII do not need to determine packet size. The SPXII 
driver handles packet size for the application. 

When setting up NetWare, you may want to turn on SPXII and enter other 
information such as the maximum number of SPXII connections and sockets 
for your network. See “Managing NetWare Protocols” later in this chapter. 

NetWare Virtual Terminal Service (NVT2) The NVT2 service establishes 
terminal connections between DOS workstations and UNIX systems over 
SPXII. 

NVT2 servers advertise remote login service and listen for SPX connection 
requests on the advertised socket. The NVT client then sends connection 
requests to the advertised socket. 

Since NVT2 uses SPXII and each NVT2 connection requires a server SPXII 
connection, the maximum allowed SPXII connections which you specify in 
the “SAM” window should be at least 100. 

With HP-UX, the NVT2 server uses the Service Access Facility (SAF- 
configured) listener to handle connect requests and the SAP daemon to 
handle advertising. When NVT2 is turned on in the “SAM” window, a script 
registers the SAF listener process on the NVT2 socket and NetWare 
Protocol Stack Daemon (NPSD) informs the SAP daemon to advertise 
NVT2. See “Managing NetWare Protocols” later in this chapter or the nwern 
utility in the Command Reference for more information on NVT2. 

If SPXII should go down normally, NVT2 will go down and come back up 
when SPXII comes back up. 

If SPXII goes down abnormally (such as a crash), NVT2 will go down and 
come back up, but the service will remain registered with SAF and will be 
invalid. In this case, the protocol stacks must be brought back up manually. 
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Routing Information Protocol (RIP) 

The RIP allows routing information exchange on a NetWare internetwork. 
The single packet structure defined by the RIP allows the following 
exchanges of information: 

• Workstations locate the fastest route to a network number by broadcasting a route 
request. 

• Routers request routing information from other routers to update their own 
internal tables by broadcasting a route request. 

• Routers respond to route requests from workstations and other routers. 

• Routers perform periodic broadcasts to make sure that all other routers are aware 
of the internetwork configuration. 

• Routers perform broadcasts whenever they detect a change in the internetwork 
configuration. 

Service Advertising Protocol (SAP) 

The SAP allows service-providing nodesaesuch as file servers, print servers, 
gateway servers, and client workstationsasto advertise services and 
addresses. The SAP makes adding and removing services on an 
internetwork dynamic. As servers are booted, they advertise services to 
other nodes through the SAP; when they are brought down, they use the 
SAP to indicate that services are no longer available. 

Through the SAP, clients on the network can determine what services are 
available on the network, and obtain the internetwork address of the nodes 
where they can access those services. This is an important function, since a 
workstation cannot initiate a session with a file server without the server 
address. 

A gateway server, for instance, will broadcast a SAP packet periodically 
(usually every 60 seconds, the period defined for all servers advertising with 
the SAP) onto the network segment to which it is connected. The SAP agent 
in each router on that segment copies the information contained in the SAP 
packet into an internal table called the Server Information table. Because the 
SAP agent in each router keeps up-to-date information on available servers, 
a client wanting to locate the gateway server can access a nearby router for 
the correct internetwork address. 
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When setting up NetWare, you will need to turn SAP on and enter the 
number of services you will be advertising to use this feature. See 
“Managing NetWare Protocols” in this chapter for more information. 

NetWare Core Protocol (NCP) 

The NCP makes interaction between clients and file servers possible by 
defining connection control and service request reply/encoding. 

The NCP provides its own session control and packet-level error checking 
instead of relying on other protocols for these functions. Consequently, the 
modularity of the protocol stack is reduced, but runs more efficiently. 

Each NCP request packet submitted on a given connection must be assigned 
a sequence number by the client. The first request is assigned the number 1; 
that number is incremented by 1 for each subsequent request. When a file 
server finishes processing a request, it places the sequence number for that 
request in the response packet. The client can then make sure it is receiving 
the correct responses for the requests submitted. 

For more information on IPX, SPXII, RIP, SAP, or NCP, see the Utilities 
Reference. 

IPX Auto-Discovery 

If a NIC was already installed in your system when you installed HP-UX, 
the auto-discovery feature automatically detected the IPX network number, 
frame type, and network device name for the network(s) connected to your 
node. This option is activated at installation so IPX configuration is 
automatic unless you install additional network boards later or need to 
change your IPX configuration. 

Each time you boot HP-UX or shut down to move your system to another 
physical location, IPX reconfiguration is unnecessary because auto¬ 
discovery takes care of that for you. 

If you did not have a network board installed when you installed NetWare® 
4.1/9000, or if you want to add more network boards, only then is it 
necessary to reconfigure IPX using SAM. 

Occasionally, NetWare® 4.1/9000 may detect a frame type other than the 
one you need because it checks for frame types in a specific order. 


7-16 




Maintaining the NetWare Server 

Managing the Server 


Managing the Server 

This section describes basic setup and configuration of your NetWare server 
so that it will run efficiently. It explains how to do the following: 

• Start and stop your server 

• Enable logins and server console messages 

• Start your NCP engines and enable packet burst 

• Access reports on clients 

• Set specialized server-wide security variables 

• Configure startup variables 

• Enable IPX auto-discovery and IPX diagnostics 

• Configure your IPX and SPX service advertising 

Starting NetWare after Booting Your System 

You can configure NetWare to come up automatically when you boot the 
server. If you configure it this way, you can use the nwserverstatus command 
to check that NetWare really did come up after the reboot. 

The system parameter that controls the server stalling at boot is 
nws_start_at_boot. If you cannot start NetWare, you could check nwcm at 
the HP-UX serverc console command line by typing: 

nwcm -v nws_start_at_boot 

This tells you if the parameter is set to On or Off. If it is off, type: 

nwcm -s nws_start_at_boot=on 

to turn it on again. 

Bringing Down and Restarting NetWare 

Use this procedure to start and stop your NetWare server. 

Make sure all of your users are logged out of the server if you shut it down. 
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Prerequisites 

• Access to the server console 

• Superuser permission to shut down a NetWare server 

Procedure 

1 Start the NetWare transport using the command: 

startnps 

Start NetWare services using the command: 

startnw 

In order to start the NetWare server process, the IPX protocol stack must be 
active. 

There are several ways to check at the HP-UX server console command line 
whether the stack is active: 

• Type ps -ef I grep IPX. If the transport is UP , it should display the two stack 
daemons npsd (IPX Protocol Stack Daemon) and sapd (IPX Sap Daemon). 

• Type ipxinfo. A Resource temporarily unavailable message may appear. This 
indicates that the stack is not active. 

• Type nwsapinfo or statnps. nwsapinfo may display an “unable to attach to 
shared memory” message if the transport is down. 

• statnps -i will display UP or DOWN to indicate the status of the transport. 
To start the stack again, type startnps at the command line. 


Additional Information 


For more information about 

Refer to 

Starting or stopping the 
server 

“nwcm” in the Command Reference 


Tuning Your Server 

This section discusses how to limit or increase the HP-UX resources 
available for NetWare Services. It also describes how to manage engines, 
configure shared memory size, limit error log file size, and set packet burst 
limits. 
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Managing Engines at the Desktop 

NetWare Services servers refer to certain processes as NCP engines. NCP 
engines arc often considered the workhorses of NetWare Services servers 
and arc responsible for initial processing of all client requests. 

NetWare Services requires a minimum of two engines running at all times. 
The more work you require of your system, the more engines you will need 
to start. 

Adding too many engines, however, may decrease performance. So 
generally you need two engines per CPU. 

Running more engines requires more RAM. (See “Hardware Requirements” 
on page vii in “How to Use This Manual.”) After the NetWare server has 
booted, engines can be increased or decreased using the nwengine utility. 
The number should be increased if the nxinfo utility reports an excessive 
number of packets dropped because of server activity. 

To prevent NetWare from using too many resources, you can limit the 
number of engines that can be started after boot time. 

You can specify the number of NCP engines to start by using “Number of 
NCP Engines to Start” and “Maximum Number of NCP Engines” at the 
NetWare® 4.1/9000 server console. To specify how many engines to start 
automatically when the NetWare server process is started, see “Tuning Your 
Server at the Desktop” in this chapter. 

Configuring Shared Memory 

If you don’t configure any shared memory or if the default size of 4 Mg (or 
4194304 bytes) is configured, NetWare will automatically determine the 
required shared memory size. The actual size used will be displayed on the 
console at startup. 

Adjusting the Size of Your Error Log 

Any errors your server experiences are saved to the error log file, 
SYSSLOG.ERR. You can change the size of this log depending upon how 
many messages you want to store in this file. Make sure you monitor this file 
because if messages come in and the file is full, messages are saved to a 
backup (SYS$LOG.OLD) and a new file, SYSSLOG.ERR, is created. Only 
one SYSSLOG.ERR.OLD is maintained. 
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See “Error Log File Size” in “Tuning Your Server” in this chapter to change 
the size of your error log file. 

Configuring Packet Burst 

Packet Burst is a protocol built on top of IPX that speeds multiple-packet 
NCP reads and writes of files. 

This protocol speeds the transfer of NCP data between a workstation and a 
NetWare server by eliminating the need to sequence and acknowledge each 
packet. 

Packet Burst protocol is more efficient than the one-request/one-response 
protocol in earlier NetWare versions. With this protocol, the server or 
workstation can send a whole set (burst) of packets before it requires an 
acknowledgement. 

By allowing multiple packets to be acknowledged, Packet Burst reduces 
network traffic. 

It also monitors dropped packets and retransmits only the missing packets. 

A client must negotiate the use of Packet Burst with a server before using it. 

See “Enable Packet Burst?” and “Packet Burst Buffer Size” in “Tuning Your 
Server at the Desktop” in this chapter to configure Packet Burst. 

Packet burst can only be configured via the nwcm utility. The parameters 
are: 

burst_mode_buffer_size: size of packt burst packets, default = 24576 
burst_mode_clients: maximum number of burst_mode clients that can be 
supported at the same time. 

burst_mode_protocol: Enable/disables packet burst 

Managing Engines at the Command Line 

You can use the nwengine utility at the server console command line to start 
and stop engines while NetWare Services is running. To change the number 
of engines, type 

nwengine number <Enter> 
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Replace number with the new number of NCP engines you want running. 
The nwengine command determines the difference between the total number 
of NCP engines requested and those already running. 

For example, if you have four NCP engines already running and you want to 
add three more engines, type the following command: 

nwengine 7 <Enter> 

Three more NCP engines will be started. 


NOTE: This number can be increased only to the maximum number of engines specified by 

the “Maximum Number of NCP Engines” variable. 


To reduce the number of NCP engines from seven to five (thus stopping two 
NCP engines), type 

nwengine 5 <Enter> 

You cannot decrease the number of engines below two. This is the minimum 
number of engines required to run NetWare Services. 

Additional Information 


For more information about 

Refer to 

NCP engines 

“nwengine” in Utilities Reference 

“NCP_engine” in Concepts 


Checking Client Connections Using nxinfo 

Use the nxinfo command at the server console command line to get a report 
on client connections. The report provides two pieces of information 
important to managing the number of engines you want active: 

• The maximum number of clients ever active at one time. (If this number matches 
the number of licensed connections, you may need to buy more licenses.) 

• The clients now active. 

By checking these two figures while your server is performing an average 
work load, you can determine the number of NCP engines to best manage 
your workload. 
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If a large number of packets is dropped because a server message indicates 
that the server is busy, you may need to add another engine. Adding too 
many engines, however, may decrease performance. 

For more information, see “nxinfo” in Utilities Reference. 

Checking Client Activity 

Use this procedure at the HP-UX server console to configure the NetWare 
watchdog (a connection-monitoring feature). 

The watchdog sends packets to inactive connections and eventually logs out 
connections that remain unresponsive. Use the watchdog variables to 
configure how much watchdog information is recorded or displayed and 
how long an inactive connection can remain unresponsive before it is logged 
out. 

Watchdogs can only be configured with the nwcnr command. The 
parameters watchdog are listed below. 

console_display_watchdog_logouts. This variable controls messages sent 
to the server’s display device when the watchdog logs out a connection. 
“Yes” means messages are sent to the console. “No” means no messages are 
sent. 

If connections are unexpectedly losing their connection to the NetWare 
server, set this variable to “Yes” until the problem has been corrected. The 
default is No. 

number_of_watchdog_packets. This variable specifies the number of 
unanswered watchdog packets the NetWare server sends to a client before it 
disconnects. Valid values arc 5 to 100. The default is 10. 

log_watchdog_logouts. This variable controls the creation of log entries 
when a client is logged out by watchdog. “Yes” means the entry is logged 
into SYS$LOG.ERR. “No” means the entry is not logged into 
SYS$LOG.ERR or any other error file. The default is Yes. 

delay_before_first_watehdog_packet. Delay before First Watchdog 
Packet. This variable determines the time (in seconds) the server waits 
without receiving a request from the workstation before sending out the first 
watchdog packet to that workstation. The default is 296. 
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delay_between_watehdog_packets. This variable determines the time (in 
seconds) between watchdog packets. After the server sends out the first 
watchdog packet, it waits a specified time before sending out succeeding 
packets if there is no reply. The default is 60. 

For more information on Watchdog, see “Watchdog” in Concepts. 
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Network Security Features 

NetWare Services includes security and fault tolerance features to protect 
network data from intruders and system failures. This section describes how 
to prevent network data disaster and recover from failures. 

Preventing Packet Forgery 

NetWare Services includes a security feature. NCP packet signature, that 
protects servers and clients using the NetWare Core Protocol. 

NCP packet signature prevents packet forgery by requiring the server and 
the client to “sign” each NCP packet. The packet signature changes with 
every packet. 

NCP packets with incorrect signatures are di scal ded without breaking the 
client’s connection with the server. However, an alert message about the 
invalid packet is sent to the error log, the affected client, and the message 
monitor. The alert message contains the login name and the station address 
of the affected client. 

NCP Packet Signature Options 

Because the packet signature process consumes CPU resources and slows 
performance, both for the client and the NetWare server, NCP packet 
signature is optional. 

Several signature options are available, ranging from never signing NCP 
packets to always signing NCP packets. NetWare servers and clients both 
have four settable signature levels. 

The signature options for servers and clients combine to determine the level 
of NCP packet signature on the network. 
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NOTE: Some combinations of server and client packet signature levels may slow 

performance. However, systems with low CPU-demand may not show any 
performance degradation. Network supervisors can choose the packet signature level 
that meets both their performance needs and their security requirements. 


When to Use NCP Packet Signature 

NCP packet signature is not required for every installation. Some network 
supervisors may choose not to use NCP packet signature because they can 
tolerate security risks in the following types of situations: 

• Only executable programs reside on the server. 

• All network users are known and trusted by the supervisor. 

• Data on the NetWare server is not sensitive; loss or corruption of this data would 
not affect operations. 

NCP packet signature is recommended for security risks such as the 
following: 

• An untrustworthy user at a workstation on the network 

• Easy physical access to the network cabling system 

• An unattended, publicly accessible workstation 

Server Security 

Security is a major concern for administrators and users when working with 
files and directories on the network. Several types of security exist in 
NetWare Services: 

• File system (see “Making the File System Secure and Accessible” in chapter 3). 

• NetWare Directory Services (see “Managing the NetWare Directory Services 
Tree” in chapter 4). 

• Fogin restrictions (see “Managing the Server” in this chapter). 

• Server restrictions (see this section). 

Use this procedure to prevent packet forgery, enforce password encryption, 
and prevent job servers from creating a window for security breach. 

Packet signature is configured with the nwcm utility. The parameters are 
listed below. 
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nep_paeket_signature_option. This variable determines the signature 
levels for NCP packets. Valid values are Disabled, Enabled, Preferred, and 
Required (see Table 7-1). The default is Disabled. 

allow_unencrypted_passwords. This variable controls unencrypted 
passwords. “Yes” means unencrypted passwords are allowed. “No” means 
passwords must be encrypted and clients who use software that sends clear 
text passwords cannot log in. The default is No. 

allow_change_to_client_rights. This variable controls the ability of a Print 
or Job server to assume rights of a queue job’s submitter as it services a 
queue job. “Yes” means submitter’s rights are allowed to be assumed. “No” 
means submitter’s rights are not allowed to be assumed. On a system that 
needs tight security, set this to No. The default is Yes. 

Server Signature Levels 

Use “NCP Packet Signature Option” in the previous procedure to assign 
server packet signature levels. 

Client Signature Levels 

Client signature levels are assigned in the NET.CFG file at the client 
workstation as follows: 

signature level = number 

To replace the existing number with Disabled (0), Enabled (1), Preferred (2), 
or Required (3), use NetWare Settings for NUC; use a text editor for DOS, 
Windows clients. The default is Enabled (1). The levels are explained in 
Table 7-1. 
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Table 7-1 


Figure 7-3 


Client Signature Levels 

Number 

Explanation 

Disabled (0) 

Client does not sign packets. 

Enabled (1) 

Client signs packets only if the server requests it (server 
option is 2 or higher). 

Preferred (2) 

Client signs packets if the server is capable of signing 
(server option is 1 or higher). 

Required (3) 

Client signs packets and requires the server to sign 
packets (or logging in will fail). 


Effective Packet Signature 

The packet signature levels for the server and the client interact to create the 
“effective packet signature” for the network. Some combinations of server 
and client levels do not allow logging in. 

Figure 7-3 shows the interactive relationship between the server packet 
signature levels and the client signature levels. 
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Examples of Signature Levels in Different Situations 

The default NCP packet signature level is Enabled (1) for clients and 
Preferred (2) for servers. In general, this setting provides the most flexibility 
while still offering protection from forged packets. 

Below are some examples of using different signature levels. 

All Information on the Server is Sensitive If an intruder gains access to any 
information on the NetWare server, it could damage the company. The 
network supervisor sets the server to level 3 (Required) and all clients to 
level 3 (Required) for maximum protection. 

Sensitive and Nonsensitive Information Reside on the Same Server The 

NetWare server has a directory for executable programs and a separate 
directory for corporate finances (such as Accounts Receivable). The network 
supervisor sets the server to level 2 (Preferred) and the clients that need 
access to Accounts Receivable to level 3 (Required). All other clients 
remain at the default, level 1 (Enabled). 

Users Often Change Locations and Workstations The network supervisor is 
uncertain which employees will be using which workstations, and the 
NetWare server contains some sensitive data. The network supervisor sets 
the server to Required (3). Clients remain at the default Enabled (1). 

A Workstation is Publicly Accessible An unattended workstation is set up for 
public access to nonsensitive information, but another server on the network 
contains sensitive information. The network supervisor sets the sensitive 
server to Required (3) and the unattended client to Disabled (0). 

Assigning the Server Packet Signature Option 

The default server packet signature option is Preferred (2). To change the 
option, use the “NCP Packet Signature Option” in NetWare SAM. See 
“Server Signature Levels” in this chapter. 

Assigning the DOS or Windows Workstation Packet Signature Level 

The default client packet signature level is Enabled (1). To change the level, 
add the following parameter to the NET.CFG file of each DOS or Windows 
workstation: 

signature level = number 
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Replace number with 0 (Disabled), 1 (Enabled), 2 (Preferred), or 3 
(Required). 

Assigning the NUC Workstation Packet Signature Level 

This signature level applies to all NUC clients unless it is set in a user- 
specific NET.CFG file or in NetWare Setting 

The default packet signature level is Enabled. To change the level, see 
“Setting Packet Security Levels” in the System Owner Handbook. These 
settings arc in NetWare_SAM, NUC Setup. 

Additional Information 


For more information about 

Refer to 

Packets 

“Packet” in Concepts 

Packet signatures 

“Server Security” 

NET.CFG file 

“NET.CFG” in Concepts 

NCP packets 

“NCP Packet Signature” in Concepts 
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Common Management Tasks 

This section describes other network administrator tasks and ways you can 
change the server environment after installation of NetWare Services. 

Viewing the Server Error Log File 

The server error log is a text file called SYS$LOG.ERR in the server’s 
SYS:SYSTEM directory. All system messages and alerts that appear on the 
server display device are recorded in the SYS$LOG.ERR file. View this file 
periodically to see what kinds of errors are occurring on your server. 

You can view the server error log from a DOS or Windows workstation 
using a text editor. You can also view or clear the server error log with the 
NETADMIN or FILER text utility in DOS. 

NetWare security violations are also recorded in the SYSSLOG.ERR file. 
Check this file daily if you are concerned about security at your site. 

NOTE: You should regularly clear the SYSSLOG.ERR file to keep it from using too much 

server disk space or limit its SHMMAX size as discussed earlier in this chapter. 

Prerequisites 

• A workstation running DOS 3.30 or later and NETADMIN 

• A minimum of 512 KB of memory available on the workstation 

• Supervisor or equivalent directory right to SYS:SYSTEM 

Procedure 

1 At the DOS prompt, type 

NETADMIN <Enter> 

2 From the “NetAdmin Options” screen, choose “Manage Objects.” 

3 From the browser, select the Server object that contains the error file you want to 
view and press <F10>. 

4 Choose “View or Edit Properties of This Object.” 

5 Choose “View Server Error Log File.” 
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The server error log appears. 

6 To delete or exit the server error log, press <Esc>. 
A prompt to clear the error log file appears. 

7 To clear the error log file, choose “Yes.” 

To exit NETADMIN, press <Alt> + <F10>. 


Managing Error Log Files 

NetWare creates and maintains these server, advertising, and volume error 
log files: 

• SYS$LOG.ERR for server errors. 

• SAP error log file for advertising errors. This is located in /var/netware4. It tells 
you what the local SAP is advertising. 

• LastMountLog in the nwcontrol directory for volume errors (see “Maintaining 
Volumes” on in this chapter). This is used from a NetWare® 4.1/9000 client. 

To keep server error log files from using too much disk space, NetWare 
Services includes the “Error Log File Size” variable. See “Tuning Your 
Server.” 
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Controlling Resource Allocation 

This section describes how to use accounting to control the number of 
resources a NetWare client can use. The following are items to consider 
when installing and using the accounting procedures. 

• Install the accounting program 

• Decide on the services you will charge for 

• Calculate the rates 

• Set up accounting balances for the users 

• View the balances 

If you want to use the NetWare® 4.1/9000 accounting commands (see 
System Administration) rather than NetWare utilities to control resources 
used by NetWare clients, make all of your NetWare clients hybrid users (see 
“Managing the NetWare Services File System” in chapter 3). 

Setting Up Accounting 

Use this procedure from a Windows workstation to monitor NetWare server 
usage and charge users for server resources. You can do this by either using 
NetWare Administrator or NETADMIN and ATOTAL. 

Setting Up Accounting Using NetWare Administrator 
Prerequisites 

• A 386 or later workstation and NetWare Administrator 

• The Supervisor right to the parent directory 

Procedure 

1 From the Windows Program Manager, click on the “NetWare Administrator” 
icon or run the nwadmin.exe. from the “File Manager.” 

2 Select the Server object you want to set up accounting for. 

3 From the “NetWare Administrator” menu bar, choose “Object.” 

4 From the “Object” pull-down menu, choose “Details.” 
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5 Choose “Accounting” from the bottom of the dialog box. 

6 Confirm that you want to install accounting on this server. 

Accounting page buttons appear on the right side of the dialog box with the 
other page buttons. 

7 Use the accounting buttons to edit the accounting pages. 

8 Choose “OK.” 

Setting Up Accounting Using NETADMIN 
Prerequisites 

• A workstation running DOS 3.30 or later and NETADMIN 

• A minimum of 512 KB of memory available on the workstation 

• The Supervisor right to the parent directory 

Procedure 

1 Run the nwadmin.exe from the “File Manaager” or at the DOS prompt, type 

NETADMIN <Enter> 

2 From the “NetAdmin Options” menu, select “Manage Objects.” 

3 Select the Server object for which you want to set up accounting for and press 
<F10>. 

4 From the “Actions for NetWare Server” menu, select “View or Edit Properties of 
this Object” and press <Enter>. 

5 From the “View or Edit Server” menu, select “Accounting” and press <Enter>. 

6 From the “Install Accounting?” prompt, select “Yes” and press <Enter>. 

7 From the “Accounting Options” screen, select “Accounting Servers” and press 
<Enter>. 

8 Press <Insert>. 

9 Select “NetWare Server” from the list of possible servers and press <Enter>. 

10 Enter the name of the server or press <Insert> and select a server from the list. 

11 Press <Esc> to return to the “Accounting Options” menu. 

12 Choose the options you want to set up. 

Press <F1> if you need help with any of the options. 


7-33 




Maintaining the NetWare Server 

Controlling Resource Allocation 


13 To exit NET ADMIN, press <Alt>+<F10>. 

Calculating Charge Rates for Accounting 

Charge rates for using server resources are specified as multipliers and 
divisors. To set the charge amount to “No Charge,” enter 0 as the multiplier. 
Use the following formula to calculate a charge rate: 

CHARGE 

(charge rate multiplier) 

- = CHARGE RATE 

ESTIMATED USAGE 

(charge rate divider) 

For example, if you want to charge $200 per month for server disk storage, 
and there are usually 100,000 blocks used each month on your hard drive 

• 20,000 would be the multiplier ($200 in cents) 

• 100,000 would be the divisor (disk block usage per month) 

Therefore, users would be charged two-tenths of one cent per disk block used. 

20,000 cents 

= 1 cent / 5 blocks read 

100,000 blocks read 

Viewing Accounting Totals 

The ATOTAL utility provides a total for the accounting services used on 
your network. ATOTAL compiles information from the system accounting 
records and lists the following: 

• Total connect time in minutes 

• Total service requests 

• Total blocks read 

• Total blocks written 

• Total disk storage in blocks per day 
Procedure 

1 Change to the SYS:SYSTEM directory. 
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2 To view daily and weekly totals for accounting services, type 

ATOTAL <Enter> 

3 To redirect ATOTAL data to a file, type 

ATOTAL > filename <Enter> 
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Managing Network Time Synchronization 

Time synchronization ensures that all servers in a Directory tree report the 
same time and order NetWare Directory Services events correctly. 

To establish time synchronization, a time server must first be assigned a time 
server type. Then the time server must know which servers to contact for 
time information, how often to contact them, and how much a server’s time 
can differ from network time and still be considered synchronized. 

The following sections describe these processes and indicate which 
variables control the configuration. 

Changing the Default Time Server Type 

The installation default for time synchronization designates the first server in 
a new Directory tree as a Single Reference time server and all others as 
Secondary time servers. In most circumstances, you do not need to change 
the default time server type. 

However, you may need to change the default time server type if you are 
using a custom time source configuration. You can do this using the System 
Administration Manager (SAM). 

For information on time server types, see “Time Servers” in Chapter 4 of 
Introduction to NetWare Directory Sendees and “Time synchronization” in 
Concepts. 

Time Sources 

To synchronize, time servers poll at least one other time source: 

• Single Reference servers are always synchronized and therefore do not poll time 
sources. 

• Reference servers must poll another time source, preferably a Primary server, 
although it can be another Reference server. Although Reference servers do not 
adjust their time, they must be able to contact another time source before they can 
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claim to be synchronized. 

• Primary servers must poll either another Primary server or a Reference server. 

• Secondary servers must poll a Reference, Primary, or Single Reference server to 
obtain the correct time. 

During each polling interval, a time server contacts one, and only one, valid 
time source. While polling, a server has to find a time source of the right 
type which matches the server's selection criteria for valid time sources. 
Although you can allow all time servers of the right type to be valid time 
sources (any primary server to be a valid time source for any other primary 
or reference server), you can designate which sources the server 
synchronizes with. 

You can configure a server to recognize any of the following as valid time 
sources: 

• The first server in a list that responds to a time synchronization query. The server 
contacts the time sources in the order listed until one responds. This method 
works well on a large internetwork because it allows you to turn off the 
advertising of time services. However, this method requires additional 
configuration when servers are added or deleted from the internetwork. 

• The first server in a list that responds to a time synchronization query or, if no 
server in the list responds, the first server that responds to a general time 
synchronization query to the network. This method allows you to have preferred 
servers for time synchronization, and it also allows you to use advertising when 
all the servers in the list are unavailable. You can restrict the server's contacts 
with advertising servers to a particular Directory tree or allow any server on the 
network, regardless of tree, to be a valid time source. 

• The first server that responds to a time synchronization query to the network. This 
method does not use a list and relies entirely on the advertising of time services 
to find a valid time source. This is the quickest and easiest method to set up and 
allows new servers automatically to fit into the time synchronization 
configuration. You can restrict the server's contacts to a particular Directory tree 
or allow any source on the network, regardless of tree, to be a valid time source. 

In most circumstances, you can rely on the time synchronization advertising, 
and you do not need to create a list of sources. However, in the following 
situations, you may need a custom configuration: 

• You have more than one Reference or more than one Primary time server on your 
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network and your server is not synchronizing within its Directory tree. 

• You want to control the sources your server uses for time synchronization. 

• You want to reduce SAP traffic by turning off time service advertising. 

For more information on restricting valid time sources, see the following 
variables in SAM: 

• Enable Time Service Advertising? 

• Use Only Configured Sources? 

• Time Sources 

• Directory Tree Mode 

See “Creating a Custom Time Source Configuration” below in this chapter 
for more information. 

Polling Intervals 

During a polling interval, time servers exchange a configurable number of 
packets which they use to compare their current time with the responding 
server's time. The default is to send three packets, enough to adjust for 
network fluctuations but not so many as to flood the network with time 
synchronization packets. 

A server does not always poll at the same interval. When a server is not 
synchronized with the network, the server polls according to the short 
interval value (the default is 10 seconds) until its time is synchronized with 
the network. Once time synchronization is established, the server gradually 
increases its polling interval until it matches the polling interval value (the 
default is 10 minutes). 

For more information on configuring polling and its intervals, see the 
following valuables in SAM: 

• Polling Count 

• Short Interval 

• Polling Interval 
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Synchronization Limits 

Since clocks in computers vary, synchronizing all servers in a network to the 
same precise time is almost impossible. By default, time synchronization is 
set up to allow for a two-second time variance between network time and a 
server's time. Servers that come within that two-second variance are 
considered synchronized. You can adjust this value, called a 
synchronization radius, to fit your applications and network configuration: 

• Increase this value if the server is losing synchronization because the server has 
a heavy load, there are multiple routers between the server and the time sources, 
or your system is connected to a network with heavy traffic. 

• Decrease this value if you have an application that requires a finer 
synchronization to order events correctly and your network configuration will 
support it. 

Synchronized servers (Secondary and Primary) continue to make small 
adjustments in an attempt to bring their time within the limits set by a 
tolerance value (one millisecond default). Once the server’s time is within 
the range allowed by the tolerance value, the server stops making time 
adjustments. You can adjust the tolerance value (called a correction floor) to 
fit your network configuration and hardware. 

For more information on configuring synchronization limits, see the 
following valuables in SAM: 

• Correction Floor 

• Synchronization Radius 


Creating a Custom Time Source Configuration 

NetWare allows you to control what type of time services a NetWare server 
provides, which time servers a NetWare server contacts for time 
synchronization, how frequently the server must contact or poll the sources, 
and how the time adjustments are made. 

Use the following procedure to adjust these variables: 

Prerequisites 


Access to the server console 
Superuser permission to use SAM 
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Procedure 

1 HP recommends that you use SAM to set the bindery context and most time 
synchronization parameters. Use the nwcm command to set the other parameters. 
The nwcm command is described in the Utilities Reference. 

2 Set the following variables as appropriate. 

Basic. This category shows the most commonly changed time synchronization 
variables. 

Time Server Type. This variable specifies how the server synchronizes time 
(set by dsinstall ): Single, Reference, Primary, or Secondary. 

Enable Time Service Advertising? This variable controls time source 
advertising. “Yes” means Single Reference, Reference, and Primary time 
servers advertise; Secondary time servers do not advertise. “No” means time 
servers do not advertise. If it is a time source for other servers, you must add 
its time to those servers’ lists of time sources. The default is Yes. 

We recommend that all servers be configured the same (“Yes” or “No”) for 
this variable to be effective. 

Directory Tree Mode? This variable controls whether the server 
synchronizes time with services in its tree and with all servers on the 
network. 

This variable has no effect if the “Use Only Configured Sources” variable is 
set to “Yes.” 

When “Use Only Configured Sources” is set to “No,” this variable works as 
follows: 

• “Yes” means the server synchronizes only with services in the Directory 
tree. 

• “No” means the server attempts to synchronize with any time source on 
the network. With this configuration, make sure any nonproduction 
servers do not advertise time services. 

Time Sources. This variable contains the list of time sources this server 
contacts to determine network time. When the first time source is contacted, 
the search stops. 

Use Only Configured Sources? This variable determines which time sources 
the server listens to. “Yes” means servers only listen to the sources in the 
configured sources list (“Time Sources”). “No” means the server first 
attempts to contact a server listed in the configured sources list; if 
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unsuccessful or the list is empty, the server attempts to contact an advertising 
time source. The default is No. 

Advanced. The Advanced category shows and allows you to change less 
commonly used time synchronization variables. 

Polling Count. This variable determines the number of time packets to 
exchange while polling. 

Polling Interval. This variable determines how often the server checks to see 
if it is still synchronized with network time. All servers in the Directory tree 
should use the same value. The interval is specified in seconds, and the 
maximum is 31 days. The default is 600. 

Short Interval. When a server discovers it is not synchronized with network 
time, it starts time synchronization polling at the interval specified by this 
variable. After synchronization, the polling interval increases until the server 
is using the value specified by the “Polling Interval” variable. The default is 
10 seconds. 

Synchronization Radius. This variable controls the maximum time 
difference (in milliseconds) a server can differ from network time and still be 
considered synchronized. Increasing the time allows a greater time difference 
between servers. Decreasing the time increases the chance of losing server 
synchronization. When the server is polled, if the time difference is greater, 
the server is not synchronized. If the time difference is less, the server is 
synchronized. 

Correction Floor. This variable determines how closely servers attempt to 
synchronize their clocks (in milliseconds). This value cannot exceed the 
“Synchronization Radius” or synchronization may not be achieved. 

Time Adjustment. This variable determines a single time adjustment in 
size, date, and time. The format is (+ or -) <hour>:<minute>:<second> at 
<month>/<day>/<year> <hour>:<minute>:<second> (A.M. or P.M.). If the 
date and time are not specified, time sources default to six polling intervals 
or one hour from the current time, whichever is longer. All time sources 
synchronizing together adjust their clocks by the specified time at the 
specified date and time. 

Use this variable sparingly to correct network time-wide errors. Misuse of 
the variable can corrupt time synchronization and the order of events on your 
network. You cannot use this variable on a second time server. A Reference 
Time server ignores the adjustments from primary time servers. 
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Example of Synchronizing Two Directory Trees 

Suppose you have two Directory trees on your network and you want all the 
servers in both trees to synchronize to the same time. 

You used the default installation, so the Root servers of the trees (ROOT1 
and ROOT2) are Single Reference servers. Tree Mode is set to “Yes,” and 
Service Advertising is set to “Yes.” 

Each Directory free is synchronized within itself, but time between the 
Directory trees differs by a few minutes. 

To synchronize both frees, stop the NetWare server process on both servers, 
then set the following variables, and restart the servers. 

• Server ROOT 1: 

Set “Time Server Type” to ’’reference.” 

Set “Time Sources” to ”root2” 

• Server ROOT2: 

Set “Time Server Type” to "primary” 

Set “Time Sources” to ”root2” 

The Root servers of both Directory trees synchronize; this synchronizes all 
the other servers in both trees. 

Since the Roots are now both time providers, it is necessary to change “Time 
Server Type” from “Single” to “Reference” on Server ROOT1 and 
“Primary” on Server ROOT2. 

Server ROOT1 is a Reference server so that there will be a central point for 
controlling time on the network. 

When you synchronize two Directory trees, you double the size of the time 
synchronization network. You should examine the physical layout of the 
network and add other Primary servers, or consider hand-configuring the 
time sources and eliminating the use of SAP. 

Additional Information 
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For more information about 

Refer to 

Time server types 

“Time Servers” in Chapter 4 of 

Introduction to NetWare Directory 

Sen’ices 

Time synchronization 

“Time synchronization” in Concepts 

SAP 

“Service Advertising Protocol (SAP)” in 
Concepts 
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assigning trustee rights to, 3-37 
ASCII file. See Text file 
Asterisk, using in login scripts, 5-48 
ATOTAL utility, using, 7-35 
ATTACH login script command, using, 5- 
20 

Attributes 
changing, 3-55 
volume, directory, file, 3-16 
Attributes, directory. See also Attributes, 
file 

explained, 3-44 
modifying with FILER, 3-56 
modifying with NetWare Administrator, 
3-56 

Attributes, file. See also Attributes, 
directory 
explained, 3-44 

modifying with NetWare Administrator, 
3-56 

modifying, with FILER, 3-56 
Attributes, volume, 3-16 


BATCH option for ITEM menu command, 
explained, 6-13 
Bindery version 
NetWare, 2-4 

BREAK login script command 
using, 5-21 


using with GOTO, 5-31 
Browse object right, explained 2-5. See 
also Rights, object 

C 

Charge rates, accounting, formula, 7-34 
CHDIR option for ITEM menu command, 
explained, 6-14 

Client connections, getting report on, 7-21 
Client, checking with watchdog, 7-22 
CLS login script command, using, 5-22 
COMMAND.COM file, specifying 
location of, in login scripts, 5-22 
Commands 

executing after stopping login script, 5- 
27 

executing from within login scripts, 5-19 
login script (see Login script commands) 
Commands, NetWare, iv 
Comments 

displaying during login with WRITE, 5- 
55 

using in login scripts with REMARK, 5- 
48 

Compaq computer 

long machine name, specifying in login 
scripts, 5-60 

short machine name, specifying in login 
scripts, 5-60 

Compare property right, explained 2-6. 

See also Rights, property 
COMPATIBLE login script command. 
See PCCOMPATIBLE login script 
command 

Compiling menus, 6-8 
Computer object, explained, 2-21 
Computer. See also Workstation 
long machine name, specifying in login 
scripts, 5-37, 5-60 

short machine name, specifying in login 
scripts, 5-60 

COMSPEC command, 3-32 
COMSPEC login script command 
using, 5-22 

Conditional statements, using in login 
scripts, 5-32 
Configuring 

server, sample files for, 3-22 
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Connection number 

workstation, specifying in login scripts, 
5-60 

Container login script, explained, 5-3 
Container object 

changing property values with NetWare 
Administrator, 2-73 
creating with NETADMIN, 2-18 
explained, 2-11 
listed, 2-12 
naming rules for, 2-13 
Container objects 
creating, 2-11, 2-16 
creating with DS_Install, 2-15 
creating with NETADMIN, 2-16 
creating with NetWare Administrator, 2- 
16 

moving, 2-61 
types of, 2-11 
Container, moving, 4-16 
Context, name 

displaying context user exists in, 5-59 
displaying context when login started, 5- 
60 

COPY command (DOS), verifying copies, 
in login scripts, 5-26 
Copy, of a partition. See Replica 
Copying files 

verifying copies made with DOS COPY, 
5-26 

Copying login scripts 
with NETADMIN, 5-12, 5-15 
with NetWare Administrator, 5-14 
Country object, explained, 2-13 
Create object right, explained 2-5. See also 
Rights, object 
Creating 

directories, with FILER, 3-25 
Directory Map objects with NetWare 
Administrator, 3-40 

Directory partitions, with NetWare 
Administrator, 4-11 

Directory partitions, with PARTMGR, 
4-12 

replicas, with NetWare Administrator, 
4-24 

replicas, with PARTMGR, 4-25 
Creating login scripts 


with NETADMIN, 5-12 

with NetWare Administrator, 5-10 

D 

DAT file for menus, 6-8 
Date 

specifying in login scripts, 5-59 
DAY identifier variable, explained, 5-59 
DAY_OF_WEEK identifier variable, 
explained, 5-59 
Default 

drive, specifying in login scripts, 5-26 
Default login script. See also Login scripts 
commands in, 5-64 
explained, 5-4 

preventing from executing, 5-45 
Default rights 
ADMIN User object, 13 
Default user values. See User template. 
Delete object right, explained 2-5. See also 
Rights, object 

Delete Self property. See Add or Delete 
Self property 
Deleting 

replicas, with NetWare Administrator, 
4-26 

replicas, with PARTMGR, 4-27 
servers, with NetWare Administrator, 4- 
47 

servers, with PARTMGR, 4-48 
trustees, with FILER, 3-49 
Directories 
application, 3-22 
creating, 3-24 
creating, with FILER, 3-25 
creating, with NetWare Administrator, 
3-24 
data, 3-23 
planning, 3-21 

viewing information about, 3-64 
workstation OS, 3-22 
Directory 

created during installation, 3-22 
creating for workstation operating 
systems, 3-31 

default, specifying in login scripts, 5-26 
mapping drives in login scripts, 5-38 
mapping fake root in login scripts, 5-39 


name space information, viewing, 3-64 
viewing information about, with NDIR, 
3-66 

Directory Map object 
creating, with NETADMIN, 3-41 
explained, 2-22, 3-39 
mapping drive in login scripts, 5-42 
Directory map objects 
creating, 3-39 
using, 3-39 

using the MAP command, 3-39 
with NETADMIN, 3-41 
with NetWare Administrator, 3-40 
Directory partition. See Partition, 
Directory 

Directory rights, explained, 2-4 
Directory Services install, 9 
Directory Services Repair 
explained, 4-76 

Directory sychronization, waiting period, 
3-20 

Directory tree 

changing name context in login scripts, 
5-23 

creating partitions 4-10 (see also 
Partition, Directory) 
example, 13 
objects, 2-5 

synchronizing two trees, 7-42 
Directory types, 3-21 
Directory, and security 
adding a trustee to, with FILER, 3-47 
adding a trustee to, with NetWare 
Administrator, 3-46 

changing the owner of, with FILER, 3- 
59 

changing the owner of, with NetWare 
Administrator, 3-58 

deleting a trustee with NetWare 
Administrator, 3-49 

modifying a trustee’s rights with FILER, 
3-52 

modifying a trustee’s rights with 
NetWare Administrator, 3-51 
rights, explained 3-43 (see also Rights, 
file system) 

Directory, creating 

creating with NetWare Administrator, 3- 
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24 

Disk space, checking for, 7-10 
Diskette, client, making from CD-ROM, 
15 

DISPLAY login script command, using, 5- 
24 

Distribution list, explained, 2-22 
DOS 

installing on the network, 3-31 
DOS in login scripts 
allowing <CtrlxBreak>, 5-25 
COMMAND.COM, specifying location 
of, 5-22 

directory, mapping search drive to, 5-43 
DOS BREAK command, using, 5-25 
DOS COPY command, verifying copies, 
5-26 

DOS VERIFY command, using, 5-26 
environment variables, setting, 5-49 
prompt, setting, 5-50 
type, specifying, 5-60 
version, specifying, 5-60 
DOS SET login script command. See SET 
login script command 
DOS workstation. See also Workstation 
accessing UnixWare side of server from, 
3-17 

environment variables for, setting in 
login scripts, 5-49 

environment variables, setting in login 
scripts, 5-60 

installing DOS workstation software, 19 
non-IBM_PC, using PCCOMPATIBLE 
in login scripts, 5-28, 5-47 
running DOS from the network, 3-31 
DRIVE login script command, using, 5-26 
Drive mapping 

creating, in login scripts, 5-38 
deleting, in login scripts, 5-39 
Directory Map object, explained, 2-22 
to fake root, in login scripts, 5-39 
in login scripts, examples, 5-43 
to physical volume, in login scripts, 5-39 
recommended order in login scripts, 5- 
40 

using with Directory Map object, 
example, 5-42 

with Directory Map object, 3-39 


Drive, default, specifying in login scripts, 
5-26 

DS Repair utility 
explained, 4-76 
options, 4-77 
DSMERGE utility 
explained, 4-84 

E 

Effective rights 
viewing, 3-61 

viewing a trustee’s, with FILER, 3-62 
viewing a trustee’s, with NetWare 
Administrator, 3-61 
Environment 

variables (DOS and OS/2), setting in 
login scripts, 5-49, 5-60 
Environment variables 
setting with LOGIN, 5-3 
Error log 

server, viewing, 7-30 
Error log files 
managing, 7-31 
types of, 7-31 

ERROR_LEVEL identifier variable, 
explained, 5-61 

ETC directory, explained, 3-22 
EXEC menu command, explained, 6-16 
Executable file 

executing after stopping login script, 5- 
27 

executing from within login script, 5-19 
EXIT login script command 
using, 5-27 

using on non-IBM computers, 5-28 
Extended names file, 7-4 
External entity, explained, 2-23 

F 

Fake root 

mapping, in login scripts, 5-39 
mapping, in login scripts, examples, 5- 
44 

FDISPLAY login script command, using, 
5-29 
File 

access control modes, 3-9 
copying, with FILER, 3-28 


copying, with NetWare Administrator, 
3-26 

NetWare, where stored, 3-22 
File Access Control 
utilities for, 3-16, 3-17 
File access control 
modes, 3-9 

using both NetWare and UnixWare, 3- 
17 

using neither NetWare nor UnixWare, 3- 
10 

using NetWare, 3-11 
using UNIX, 3-13 
File access control modes 
None,NetWare,UNIX,Both, 3-10 
File information 
name space, viewing, 3-64 
size, viewing, 3-64 
viewing, with FILER, 3-65 
viewing, with NDIR, 3-66 
viewing, with NetWare Administrator, 
3-64 

File rights, explained, 2-4 
File server. See NetWare server 
File system rights. See Rights, file system 
File systems 

comparing UnixWare and NetWare, 7-5 
configuring UnixWare to accommodate 
NetWare, 7-6 
management tools, 7-3 
managing, 7-3 
types, 7-3 

File, and security. See also Rights, file 
system 

adding a trustee with FILER, 3-47 
adding a trustee with NetWare 

Administrator, 3-46 

changing the owner of, with FILER, 3- 
59 

changing the owner of, with NetWare 
Administrator, 3-58 
deleting a trustee with FILER, 3-49 
deleting a trustee with NetWare 
Administrator, 3-49 

FILE_SERVER identifier variable, 
explained, 5-60 

Files 

access to, 3-9 
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changing the owner, 3-58 
copying, 3-24 

copying or moving, with FILER, 3-28 
moving or copying, with NetWare 
Administrator, 3-26 
number allowed, 3-19 
purging, 3-19 
setting up, 3-19 

viewing information about, 3-64 
word-processed, displaying during 
login, 5-29 

Filter. See Inherited Rights Filter 
FIRE PHASERS login script command, 
using, 5-30 
FLAG utility 
to assign rights, 3-38 
Formula 

accounting charge rates, 7-34 
FSType, 7-3 

FULL_NAME identifier variable, 
explained, 5-59 

G 

GETP menu command, variables, 6-20 
GETx menu command, using, 6-20 
GID 

file access control, 3-13 
matching, 3-14 
nwgroup, 3-14 
values for hybrid user, 3-6 
GOTO login script command, using, 5-31 
GREETING_TIME identifier variable, 
explained, 5-59 
Group object 
explained, 2-23 

managing User objects as a Group, 2-33 
specifying in login scripts, 5-59 

H 

Hard disks 

adding to a NetWare server, 7-10 
Hardware requirements, vi 
host locking, enable, 3-19 
HOUR identifier variable, explained, 5-59 
HOUR24 identifier variable, explained, 5- 
59 

Hybrid parameters, 3-12, 3-16 
Hybrid user, 3-3 


explained, 3-5 
setting up, 3-6 
Hybrid variables, 3-16 


IBM computer. See also Non-IBM 
computer; Workstation 
compatible with, specifying in login 
scripts, 5-47 

long name, specifying in login scripts, 5- 
37, 5-60 

short name, specifying in login scripts, 
5-60 

Identifier variables 
%n, explained, 5-62 

%n, shifting LOGIN parameters with 
SHIFT, 5-52 

conventions in login scripts, 5-10 
displaying value during login, with 
WRITE, 5-56 
examples, 5-62 
listed, 5-59 
using, 5-61 

using with IF.. .THEN, 5-32 
IF.. .THEN login script command 
using, 5-32 

using with identifier variables, 5-32, 5- 
61 

Importing user information with 
UIMPORT, 4-50 

INCLUDE login script command, using, 
5-35 

Inherited Rights Filter (IRF) 
viewing and modifying, with FILER, 3- 
54 

viewing and modifying, with NetWare 
Administrator, 3-53 
Inherited Rights Filter, explained, 2-3 
Installation 
checklist, v 

Directory Services, v, 9 
Installing 

applications on the network, 3-31 
DOS workstation software, 19 
NET ADMIN on a DOS workstation, 20 
NetWare Administrator on a Windows 
workstation, 17 

network applications, guidelines for, 3- 


36 

Windows on the network, 3-33 
Windows workstation software, 17 
Intruder Detection property 
changing, with NET ADMIN, 2-78 
changing, with NetWare Administrator, 
2-75 

IPX 

addresses, 7-13 

auto-discovery, how to use, 7-16 
configuration, automatic, 7-16 
explained, 7-12 
overview of, 7-12 
IRF, explained, 2-3 
IRF. See Inherited Rights Filter 
ITEM command options 
BATCH, explained, 6-13 
CHDIR, explained, 6-14 
listed, 6-13 

PAUSE, explained, 6-14 
SHOW, explained, 6-14 

L 

LAST_NAME identifier variable, 
explained, 5-59 

LASTLOGINTIME login script 
command, using, 5-37 
Leaf objects 

changing property values, with 
NET ADMIN, 2-77 

changing property values, with NetWare 
Administrator, 2-74 
creating searchable, 2-29 
creating, using NETADMIN, 2-31 
creating,using NetWare Administrator, 
2-30 

deleting with NETADMIN, 2-68 
deleting with NetWare Administrator, 2- 
67 

explained, 2-20 
listed, 2-20 

mandatory fields when creating, 2-30 
naming rules, 2-27 
Leaf objects, moving, 2-57 
Leaf objects,moving, 2-60 
LOAD menu command, explained, 6-17 
Loading 

network applications, guidelines for, 3- 
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Log file 

server, viewing, 7-30 

Logging in 

ADMIN User object, 15, 2-16 
attaching to server from login script, 5- 
20 

changing name context in login scripts, 
5-23 

last time of, displaying during login, 5- 
37 

Login script commands 
ATTACH (attaching to servers), 5-20 
CLS (clearing screen), 5-22 
CONTEXT (changing context), 5-23 
DISPLAY (displaying text file), 5-24 
DRIVE (specifying default drive), 5-26 
FDISPLAY (displaying word-processed 
file), 5-29 

IF... THEN (executing conditional 
action), 5-32 

INCLUDE (executing subscript), 5-35 
LASTLOGINTIME (displaying time of 
last login), 5-37 

MACHINE (sets DOS machine name), 
5-38 

MAP (mapping drives and search 
drives), 5-38 

NO_DEFAULT (preventing default 
script), 5-45 

NOSWAP (preventing memory 
swapping), 5-45 

PAUSE (pausing login script execution), 
5-46 

PCCOMPATIBLE (specifying non- 
IBM computers), 5-47 
REMARK (inserting comments), 5-48 
SET_TIME (synchronizing with server), 
5-52 

SHIFT (shifting LOGIN parameters), 5- 
52 

SWAP (swapping memory), 5-54 
WRITE (displaying messages), 5-55 

Login Script property 
changing, with NETADMIN, 2-78 
changing, with NetWare Administrator, 
2-74 

Login script, and drive mappings 


mapping drives to Windows directories 
in, 3-35 

mapping drives with Directory Map 
object in, 3-39 
Login scripts 

commands and variables, listed, 5-18 
container, example, 5-65 
conventions, listed, 5-9 
copying, 5-5 
create, v 

creating, 5-2, 5-5 
default, explained, 5-4 
default, preventing execution of, 5-45 
examples, 5-64 

executing one script as part of another, 
5-35 

exiting to menu from, 5-27, 6-26 
explained, 5-3 

identifier variables, conventions, 5-10 
identifier variables, listed, 5-59 
identifier variables, using, 5-58 
location of, 5-5 
location of, explained, 5-5 
modifying, 5-5 

objects that contain, listed, 5-5 
previous NetWare versions, using, 5-8 
printing, 5-5 
profile, explained, 5-3 
profile, sample, 5-67 
types of, 5-3 
types, explained, 5-3 
user, explained, 5-3 
user, sample, 5-69 
Login scripts, creating 
command syntax, 5-18 
copying, 5-12, 5-14, 5-15 
examples, 5-64 
planning, 5-4 

profile, assigning user to, 5-11, 5-14 
rules, 5-8 

with NETADMIN, 5-12 
with NetWare Administrator, 5-10 
Login scripts, mapping drives 
command format, 5-38 
LOGIN utility 
creating login scripts, 5-3 
LOGIN utility parameters, shifting with 
%n in login scripts, 5-52 


LOGIN_CONTEXT identifier variable, 
explained, 5-59 

LOGIN_NAME identifier variable, 
explained, 5-59 

Long machine name. See also Machine 
name 

non-IBM_PC, using PCCOMPATIBLE 
with, 5-28 

specifying in login scripts, 5-37, 5-60 

M 

MACHINE identifier variable, explained 
5-60. See also Machine name 
MACHINE login script command 
long machine name, specifying in login 
scripts, 5-37 

MACHINE login script command, using, 
5-37 

Machine name 

long, specifying in login scripts, 5-37, 5- 
60 

non-IBM_PC, using PCCOMPATIBLE 
with, 5-28 

short, specifying in login scripts, 5-60 
Macintosh files 

viewing information about with FILER, 
3-65 

viewing information about, with NDIR, 
3-66 

viewing information about, with 
NetWare Administrator, 3-64 
MAIL directory, explained, 3-22 
Managing file systems, 7-3 
Managing users 
objects that help manage, 2-33 
Map drives 
using LOGIN to, 5-3 
MAP login script command 
examples, 5-42 
using, 5-38 

Map object. See Directory Map object 
Mapping drives. See Drive mapping 
Mapping, to DOS, 3-32 
Master replica. See also Replica 
changing to another type, 4-39 
explained, 4-5 

MEMBER OF "group" identifier variable, 
explained, 5-59 
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Memory, workstation 
not swapping, with login scripts, 5-45 
Menu commands. See also NMENU utility 
EXEC (specifying actions), 6-16 
GETx (specifying user input), 6-19 
ITEM (specifying menu options), 6-12 
LOAD (executing one menu from 
another), 6-17 

MENU (naming menus), 6-11 
SHOW (displaying submenu), 6-18 
Menu program. See NMENU utility 
MENU utility, converting to NMENU, 6- 
27 

MENUCNVT command, using, 6-27 
MENUMAKE utility, compiling 
converted menu program, 6-27 
Menus. See NMENU utility 
Merging partitions 
with NetWare Administrator, 4-14 
with PARTMGR, 4-15 
Message routing group 
explained, 2-23 
Messages 

displaying during login, 5-55 
displaying with LOGIN, 5-3 
MINUTE identifier variable, explained, 5- 
59 

MNU filename extension, explained 6-27. 

See also NMENU utility 
MONTH identifier variable, explained, 5- 
59 

MONTH_NAME identifier variable, 
explained, 5-59 
Mount point 
volumes, 3-16 
Moving objects 
with NET ADMIN, 2-60 
with NetWare Administrator, 2-58 

N 

Name 

container object, rules for, 2-13 
user’s full, specifying in login scripts, 5- 
59 

user’s last, specifying in login scripts, 5- 
59 

user’s login, specifying in login scripts, 
5-59 


Name space. See also Macintosh files 
viewing for a directory or file, 3-64 
Name, machine 

long, specifying in login scripts, 5-37, 5- 
60 

short, specifying in login scripts, 5-60 
NCP 

explained, 7-16 
packet signatures, 7-24 
NCP packet signature 
client/server, illustrated, 7-27 
examples, 7-28 
server, assigning, 7-28 
workstation, assigning, 7-28 
NDAY_OF_WEEK identifier variable, 
explained, 5-59 
NDIR utility, 3-66 

viewing information about directories 
and files with, 3-66 

NDS 

about, 4-3 

Partition Management utilities, 4-3 
re-installing, 4-44 
removing, 4-42 
removing using DS Install, 4-3 
using DS Repair, 4-3 
NDS database, 9 
NDS synchronization 
viewing the status of, 4-85 
NDS Trace 
using, 4-85 
NET.CFG 

changing after moving an object, 4-16 
NETADMIN utility, installing on a DOS 
workstation 20. See also specific task 
NetWare 

file access control, 3-11 
files, where stored, 3-22 
protocols, overview of, 7-11,7-12, 7-16 
Medium-Access (MAC), 7-12 
NetWare Core Protocol (NCP), 
7-16 

startup, 7-17 
trustee assignments, 3-9 
users, 3-3 

utilities for file access control, 3-12 


NetWare Administrator utility. See also 
specific task 

creating a Windows icon for, 18 
installing on a Windows workstation, 17 
NetWare Directory Services 
configuring, 4-2 
partitions, explained, 4-5 
setting up partitions and replicas, 4-5 
NetWare protocols 
explained, 7-11, 7-15 
IPX, explained, 7-12 
MAC explained, 7-12 
NCP explained, 7-16 
RIP explained, 7-15 
SPX explained, 7-13 

NetWare Requester for DOS, version, 
specifying in login scripts, 5-60 
NetWare Requester for OS/2 
version, specifying in login scripts, 5-60 
NetWare rights 

changing with UnixWare utilities, 3-17 
translated from UNIX permissions, 3-14 
UnixWare permission bits checking, 3- 
11 

NetWare security, 7-24 
NetWare server 
accounting, setting up, 7-32 
bindery-based, attaching to from login 
script, 5-20 

bringing down process, 7-17 
error log, viewing, 7-30 
managing, 7-17 
packet signature levels, 7-26 
packet signature, assigning, 7-28 
resources, controlling, 7-32 
securing the, 7-25 
security,allowing clients, 7-26 
setting client packet signature levels, 7- 
26 

specifying in login scripts, 5-60 
tuning, 7-18 

NetWare server error log file 
viewing the, 7-30 

NetWare Server Files Setup window, 3-19 
NetWare Server object 
deleting with NetWare Administrator, 4- 
46 

deleting with PARTMGR, 4-48 
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deleting, with NetWare Administrator, 
4-47 

deleting, with PARTMGR, 4-48 
explained, 2-24 
NetWare Server objects 
deleting, 4-46 

NetWare Server objects, naming 
restrictions for, 2-29 
NetWare Services 
software requirements, vi 
NetWare shell, specifying version in login 
scripts, 5-60 

NetWare UNIX Client user 
explained, 3-4 
NetWare user account 
explained, 3-5 

NetWare users without mapping, 3-7 
NetWare volumes 

managing in a UnixWare environment, 
7-3 

NETWARE_REQUESTER identifier 

variable, explained, 5-60 
Network 

address, specifying in login scripts, 5-60 
installing DOS on, 3-31 
installing operating systems on, 3-31 
installing Windows on, 3-33 
Network configuration 
NetWare Setup, 9 

NETWORK_ADDRESS identifier 

variable, explained, 5-60 
NFS-mounting 

supported by Standard file system, 7-4 
NLIST utility, explained 2-56. See also 
SEARCH utility 
NMENU utility 
compiling menus, 6-8 
complex menu example, 6-9 
converting MENU program to NMENU, 
6-27 

elements, explained, 6-5 
examples, 6-9, 6-22 

executing menu program from login 
scripts, 5-27 
explained, 6-3 
illustrated, 6-5 
making menus work, 6-25 
maximum item lines, 6-10 


maximum number of menus, 6-10 

maximum number of windows, 6-10 

memory requirements, 6-3 

name length, 6-10 

numbering, 6-12 

old menu files, converting, 6-27 

planning, 6-7 

planning menus, 6-10 

setting up user environments, 6-25 

simple menu example, 6-9 

starting from login script, 6-26 

steps in creating menus, 6-7 

submenus, numbering, 6-12 

syntax, 6-4 

NMENU utility, commands 
control, listed, 6-15 
GETx, using, 6-20 
ITEM options, explained, 6-13 
MENUCNVT, using, 6-27 
organizational, listed, 6-11 
types, explained, 6-11 
wrapping, 6-10 

NO_DEFAULT login script command, 
using, 5-4, 5-45 

Node address, specifying in login scripts, 
5-60 

Non-IBM computers 
long name, specifying in login scripts, 5- 
37, 5-60 

short name, specifying in login scripts, 
5-60 

NOSWAP login script command 
using, 5-45 

using with # command, 5-19 
NOT MEMBER OF "group" identifier 
variable, explained, 5-60 
NUC user 
explained, 3-4 
NVT 

explained, 7-14 
NVT2, 3-17 
nwroot 

NetWare user, 3-6 
nwroot UnixWare user account, 3-3 
nwuser 

NetWare user, 3-6 
nwuser UnixWare user account, 3-3 


O 

Object 

bindery services, naming restrictions 
for, 2-14 

container, naming rules for, 2-13 
country,explained, 2-13 
moving, 2-57 
NET.CFG, 2-57 
Organization,explained, 2-13 
Organizational Unit, explained, 2-13 
Object name restrictions 
bindery services, 2-28 
Object rights, explained, 2-4 
Object rights. See Rights, object 
Object, properties of, 2-29 
Objects 
ADMIN, 12 
container, 9, 12 
container,types of, 2-11 
creating container, 2-11 
deleting, 2-2 

deleting from the tree, 2-65 
Groups, 2-2 
leaf, 9 

leaf, naming rules, 2-27 
managing, 2-2 
moving, 2-2, 2-57 
NetWare Server, 13 
Organizational role, 2-2 
Profile, 2-2 
properties of, 2-2 
renaming, 2-2 

renaming leaf and container, 2-69 
rights needed, 2-3 
searching for, 2-2 
set up, 2-2 
SYS, 12 
Users, 2-2 
volume, 12, 14 
working with, 11 
Objects, example of, 2-12 
Objects, searching for, 2-53 
Objects. See also specific objects 
Directory Map object, mapping drive in 
login scripts, 5-42 
with login scripts, 5-5 
Operating system 
assigning trustee rights to, 3-37 
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Operating systems 
installing on the network, 3-31 
loading on the network, 3-31 
Organization object 

changing property values with NetWare 
Administrator, 2-73 
explained, 2-13 
login script (see Login scripts) 
Organization,creating user templates in, 2- 
48 

Organizational Role object 
creating, 2-45 

creating with NETADMIN, 2-47 
creating with NetWare Administrator, 2- 
45 

explained, 2-24 
managing, 2-44 
Organizational Unit object 
changing property values with NetWare 
Administrator, 2-73 

changing property values, with 

NETADMIN, 2-77 
explained, 2-13 
login script (see Login scripts) 
Organizational Unit, creating user 

templates in, 2-48 

OS identifier variable, explained, 5-60 
OS/2 clients, 3-17 
OS/2 HPFS files 

viewing information about with FILER, 

3-65 

viewing information about with NDIR, 
3-66 

viewing information about with 

NetWare Administrator, 3-64 
OS/2 workstation. See also NetWare 

Requester for OS/2; Workstation 
environment variables for, setting in 
login scripts, 5-49, 5-60 
OS_VERSION identifier variable, 
explained, 5-60 
Owner, directory or file 
changing with FILER, 3-59 
changing with NetWare Administrator, 
3-58 

viewing information about, 3-64 


P_STATION identifier variable, 
explained, 5-60 
Packet Burst 
explained, 7-20 
Packet forgery 
preventing, 7-24 
Packet signature 
assigning for DOS, 7-28 
assigning for Windows, 7-28 
Packet signatures, assigning for NUC, 7- 
29 

Partition 
aborting, 4-21 

moving using NETADMIN, 4-19 
moving using NetWare Administrator, 

4-17 

Partition Manager, restricting users, 4-9 
Partition, Directory. See also Replica 
creating, with NetWare Administrator, 
4-11 

creating, with PARTMGR, 4-12 
deleting a server containing, with 
NetWare Administrator, 4-47 
deleting a server containing, with 
PARTMGR, 4-48 

listing, with NetWare Administrator, 4- 
34 

listing, with PARTMGR, 4-35 
merging, explained, 4-13 
merging, with NetWare Administrator, 
4-14 

merging, with PARTMGR, 4-15 
planning, 4-5 

rules and guidelines for using, 4-7 
Partitions 

creating with NetWare Administrator, 4- 
10 

creating with PARTMGR, 4-12 
merging two, 4-13 

merging with parent using NetWare 
Administrator, 4-13 

merging with parent using PARTMGR, 
4-15 

moving, 4-16 
NetWare, segmenting, 7-6 
planning, 4-6 

using the repair log file, 4-81 


viewing a list of, 4-33 
viewing a list of in a directory tree, 4-38 
viewing the status of, 4-81 
PARTMGR 

managing database partitions using, 4-3 
Password 

displaying expiration time during login, 

5-60 

Password Restrictions property 
changing, with NETADMIN, 2-78 
changing, with NetWare Administrator, 
2-74 

P AS S WORD_EXPIRES identifier 

variable, explained, 5-60 
PAUSE login script command, using, 5-46 
PAUSE option for ITEM menu command, 
explained, 6-14 

PCCOMPATIBLE login script command 
using, 5-47 

using with EXIT, 5-28 
permissions 
UnixWare, 3-10 

Permissions, UnixWare to NetWare, 3-15 
Phaser sound (FIRE PHASERS login 
script command), 5-30 
Planning 
login scripts, 5-4 
menus, 6-8 

partitions and replicas, 4-5 
Postal Address property 
changing, with NETADMIN, 2-79 
changing, with NetWare Administrator, 
2-75 

Print Queue object, explained, 2-24 
Print Server object, explained, 2-25 
Printer object, explained, 2-25 
Privileges 

to administer NetWare network, 10 
UnixWare user accounts, 3-3 
privileges 

to administer NetWare network, 10 
Profile login script. See also Login scripts 
creating, 5-12, 5-14 
example, 5-68 
explained, 5-3 
Profile object 

assigning user to, 5-11, 5-13 
changing Login Script property with 
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NET ADMIN, 2-79 

changing Login Script property with 
NetWare Administrator, 2-75 
creating, 2-42 

creating with NETADMIN, 2-43 
creating with NetWare Administrator, 2- 
42 

explained, 2-25 

login script, example of 5-68 (see also 
Login scripts) 

managing User objects with, 2-41 
Prompt, setting in login scripts, 5-50 
Properties 

Security Equal To, 2-3 
Properties, object. See Account 
Restrictions property; Intruder 
Detection/Lockout property; Login 
Script property; Password 
Restrictions property; Postal Address 
property; Security Equivalences 
property 

Property rights, explained, 2-4 
Property rights. See Rights, property 
Property values 
changing for objects, 2-73 
PUBLIC directory 
explained, 3-22 

mapping drive in login scripts, 5-41 

Q 

Queue object. See Print Queue object 

R 

RAM, workstation 
required for NMENU, 6-3 
Read Only replica. See also Replica 
changing to another type, with NetWare 
Administrator, 4-39 

changing to another type, with 

PARTMGR, 4-40 
explained, 4-6 

Read property right, explained 2-6. See 
also Rights, property 
Read/Write replica. See also Replica 
changing to another type, with NetWare 
Administrator, 4-39 

changing to another type, with 

PARTMGR, 4-40 


Read-only volume attribute, 3-12, 3-16 
REM (REMARK) login script command, 
using, 5-48 

Rename object right, explained 2-5. See 
also Rights, object 
Renaming objects 
explained, 2-69 
with NETADMIN, 2-71 
Replica 

changing the type, with NetWare 
Administrator, 4-39 

changing the type, with PARTMGR, 4- 
40 

creating, with NetWare Administrator, 
4-24 

creating, with PARTMGR, 4-25 
deleting a server containing a, 4-46 
deleting, with NetWare Administrator, 
4-26 

deleting, with PARTMGR, 4-27 
explained, 4-5 

listing, with NetWare Administrator, 4- 
36 

listing, with PARTMGR, 4-37 
planning, 4-6 

rules and guidelines for using, 4-7 
using to manage NDS, 4-5 
Replicas 

changing the type of, 4-38 
checking for synchronization, 4-31 
creating with NetWare Administrator, 4- 
24 

creating with PARTMGR, 4-25 
deleting, 4-26 
Master, explained, 4-5 
placing on different servers, 4-3 
planning, 4-6 

Read/Write, explained, 4-6 
Read-Only, explained, 4-6 
Subordinate, explained, 4-6 
updating, 4-29 

updating with NetWare Administrator, 
4-29 

updating with PARTMGR, 4-30 
using the repair log file, 4-81 
viewing a list of in a partition, 4-35 
viewing the status of, 4-81 


REQUESTER_CONTEXT identifier 
variable, explained, 5-60 
Rights 

blocking by IRF, 2-6 
Browse object, 13 
Erase, 3-15 
file scan, 3-15 
Modify, 3-15 
object, 2-4, 2-5 
objects,blocking, 2-5 
property, 2-4, 2-6 
PUBLIC, 12 

Read and Execute for SYS 
LOGIN, 3-16 
Supervisor, 12, 13 
Supervisor, Access Control, 3-15 
to SYS, 12 
types of, 2-4 
Rights, file system 
assigning to a trustee, 3-43 
assigning to operating system 
directories, 3-37 

calculating for both systems, 3-18 
checking for NetWare, 3-11 
effective, viewing a trustee’s with 
FILER, 3-62 

effective, viewing a trustee’s with 
NetWare Administrator, 3-61 
explained, 3-43 

modifying a trustee’s with FILER, 3-52 
modifying a trustee’s with NetWare 
Administrator, 3-51 

viewing and modifying an Inherited 
Rights Filter, with FILER, 3-54 
viewing and modifying an Inherited 
Rights Filter, with NetWare 
Administrator, 3-53 
Rights, object 

default for User object ADMIN, 13 
default for User objects, 13 
explained, 2-5 
listed, 2-5 
Rights, property 
explained, 2-6 
listed, 2-6 
RIP 

explained, 7-15 
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Root, fake 

mapping in login scripts, 5-39 
mapping in login scripts, examples, 5-44 

S 

SAP 

explained, 7-15 
Scripts. See Login scripts 
Search drive 

deleting, in login scripts, 5-39 
mapping in login scripts, 5-38 
mapping to fake root, in login scripts, 5- 
39 

mapping to physical volume, in login 
scripts, 5-39 

recommended order, in login scripts, 5- 
41 

SEARCH utility 

creating searchable container objects, 2- 
15 

searching with NetWare Administrator, 
2-53 

searching with NLIST utility, 2-56 
SECOND identifier variable, explained, 5- 
59 

Security 

file system, 3-43 

Security Equivalence, explained, 2-3 
Security Equivalences property 
setting for User with NETADMIN, 2-79 
setting for User, with NetWare 
Administrator, 2-75 
Semicolon, using in login scripts, 5-48 
Server objects 
deleting, 2-65 
explained, 12 

Server. See NetWare server 

SET login script command, using, 5-49 

Set up 

file system, v 
NDS objects, v 
network, 9 
printing, v 

SET_TIME login script command, using, 
5-51 

Shell, NetWare, specifying version in 
login scripts, 5-60 


SHELL_TYPE identifier variable, 

explained, 5-60 

SHIFT login script command, using, 5-52 
Short machine name, specifying in login 
scripts 5-60. See also Machine name 
SHORT_YEAR identifier variable, 

explained, 5-59 

SHOW menu command, explained, 6-18 
SHOW option for ITEM menu command, 
explained, 6-14 

SMACHINE identifier variable, explained 
5-60. See also Machine name 

SPX 

explained, 7-13 

SRC file extension for menus, 6-8 
Standard volumes 
features, 7-3 

STATION identifier variable, explained, 
5-60 

Submenus, defining and numbering, 6-12 
Subscript, executing as part of login script, 
5-35 

Supervisor object right, explained 2-5. See 
also Rights, object 

Supervisor property right, explained 2-6. 

See also Rights, property 
SWAP login script command 
compared to NOSWAP, 5-45 
using, 5-54 

using with # command, 5-19 
Synchronization 
network time, 7-36 

Standard with UnixWare file system, 7- 
3 

Synchronization of network time. See 
Time synchronization 
SYS: volume 

directories in, created automatically, 3- 
22 

SYS:ETC directory, explained, 3-22 
SYS:LOGIN directory, explained, 3-22 
SYS:MAIL directory, explained, 3-22 
SYS:PUBLIC directory, 3-22 
mapping search drive in login scripts, 5- 
41 

SYS:PUBLIC, creating directories in, 3-31 
SYS:SYSTEM directory, explained, 3-22 
SYSTEM directory, explained, 3-22 


System login script. See also Login scripts 
creating, 5-12, 5-14 
example, 5-65 
System Owner, 3-3 


TEMP SET login script command. See 
SET login script command 
Template. See User template 
Text file 

displaying during login, 5-24 
executing as subscript of login script, 5- 
35 

text utility 
FILER, iv 
NETADMIN, iv 
PARTMGR, iv 

Text, displaying during login, 5-55 
Time 

specifying in login scripts, 5-59 
workstation, synchronizing with server 
in login scripts, 5-51 
Time synchronization 
checking, 4-79 

example with two Directory trees, 7-42 
managing network, 7-36 
time server type, changing, 7-36 
Tree. See Directory tree 
Trustee 

adding, with FILER, 3-47 
adding, with NetWare Administrator, 3- 
46 

deleting, with FILER, 3-49 
deleting, with NetWare Administrator, 
3-49 

modifying, with FILER, 3-52 
modifying, with NetWare 

Administrator, 3-51 
Trustee assignments 
example of, 2-8 
in NDS, 2-4 
managing, 2-8 
using NETADMIN, 2-9 
using NetWare Administrator, 2-8 
where stored, 3-9, 7-4 
Trustee rights 
adding, 2-9 
changing, 2-9 
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deleting, 2-9 
viewing, 2-9 

Trustee rights. See also Rights; Trustee 
effective, calculating, 3-11 
effective, viewing with FILER, 3-62 
effective, viewing with NetWare 
Administrator, 3-61 
explained, 3-43 

Trustee. See also Rights; Trustee rights 
adding to a directory or file with FILER, 
3-47 

adding to a directory or file with 
NetWare Administrator, 3-46 
assignment, explained, 2-3 
deleting from a directory or file with 
FILER, 3-49 

deleting from a directory or file, with 
NetWare Administrator, 3-49 
explained, 2-3 
list, explained, 2-3 
modifying rights with FILER, 3-52 
modifying rights with NetWare 
Administrator, 3-51 
Tuning 

setting error log file size, 7-19 
setting packet burst, 7-20 

U 

UID 

file access control, 3-13 
hybrid, 3-13 
hybrid,UnixWare, 3-18 
matching, 3-13 
nwroot, 3-13 
nwuser, 3-13 
UID values 
hybrid user, 3-6 
UID,GID 

permission bits, 3-14 
UIMPORT 

using to create user objects, 4-74 
UIMPORT utility 
creating user objects with, 4-50 
explained, 4-3, 4-50 
field names, 4-69 
importing data to NDS with, 4-50 
umask,setting default, 3-19 
UNIX 


file access control, 3-13 
UNIX files 

viewing information about, with FILER, 
3-65 

viewing information about, with NDIR, 
3-66 

viewing information about, with 
NetWare Administrator, 3-64 
UNIX permissions 
translated to NetWare rights, 3-14 
UNIX processes. See alsoEngines 
NetWare for UnixWare engines, 7-19 
UnixWare permissions 
changing, 3-17 
User information 
USER_TEMPLATE, 2-17, 2-19 
User login script. See also Login scripts 
creating, 5-10, 5-12 
example, 5-69 
explained, 5-3 

NO_DEFAULT command, using, 5-4 
User object 
ADMIN, 2-3 

changing property values, with 
NETADMIN, 2-78 
creating with UIMPORT, 4-50 
explained, 2-26 
property, 2-3 

User object ADMIN. See ADMIN user 
object 

User object in login scripts 
full name, specifying, 5-59 
ID number, specifying, 5-60 
last name, specifying, 5-59 
login name, specifying, 5-59 
User objects 
deleting, 2-66 
Group, 2-33 
Organization, 2-33 
Organizational Role, 2-33 
Organizational Unit, 2-33 
Profile, 2-33 

USER_TEMPLATE, 2-33 
User objects,managing a Group, 2-33 
User Space Limits property, changing in a 
volume, 2-76 
User template 

creating with NETADMIN, 2-51 


creating with NetWare Administrator, 2- 
50 

explained, 2-48 
User types, 3-2 
UnixWare, 3-3 

USER_ID identifier variable, explained, 5- 
60 

Users 
hybrid, 3-3 
NetWare, 3-3 
Utilities 

file access control, 3-12 
text, iv 
utilities 
ADMIN, 2-4 
Utilities in login scripts 
DOS, mapping drive to, 5-41 
executing, 5-18 

V 

Variables 

<variable> identifier variable, 
explained, 5-60 

environment (DOS and OS/2), setting in 
login scripts, 5-49 
GETP command, example, 6-20 
login script, explained, 5-18 
VERIFY. See DOS VERIFY login script 
command 
Volume 

configurable parameters, 7-8 
defined in relation to UnixWare file 
system, 7-6 

management utilities, 7-9 
managing, 7-3 

mapping drive in login scripts, 5-39 
Standard file system, 3-10 
usinodes file, 7-8 
Volume attribute, 3-12, 3-16 
Volume object 
explained, 2-27 
Volume Restrictions property 
changing with NETADMIN, 2-80 
changing with NetWare Administrator, 
2-76 

Volume statistics, 7-6 
Volumes 

configuration parameters, 7-8 
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mounting CD-ROM, 7-4 
mounting NFS, 7-5 
mounting Standard, 7-3 
NetWare, interdependencies with 
UnixWare partitions, 7-5 
number supported, 7-6 

W 

Watchdog 

logging watchdog logouts, 7-22 
setting delay time, 7-22 
setting number of packets, 7-22 
Windows 

files needed to run NetWare, 3-33 
guidelines for running in NetWare, 3-34 
icon for NetWare Administrator, 
creating, 18 

installing on the network, 3-33 
loading, 3-31 

mapping search drive in login scripts, 5- 
41 

network installation methods, explained, 
3-33 

running on the network, 3-34 
setting up, 3-35 

Windows workstation. See also 

Workstation 

installing Windows workstation 

software, 17 

making client installation diskettes from 
CD-ROM, 15 

Workstation, specifying in login scripts 
clearing screen, 5-22 
connection number, 5-60 
machine name, 5-37 
network address, 5-60 
node address, 5-60 
PCCOMPATIBLE command, 5-28 
time, synchronizing with server, 5-51 
Workstation. See also DOS workstation; 
OS/2 workstation; Windows 
workstation 

network address, specifying in login 
scripts, 5-60 

packet signature, assigning, 7-36 
WRITE login script command, using, 5-55 
Write property right, explained 2-6. See 
also Rights, property 
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YEAR identifier variable, explained, 5-59 



